Over the past couple of months I’ve been paying very close attention to SecondLife and the world that has been built on top of it. 3D worlds are not the kind of thing that interests me the most, but what I was really looking for was the breaking point of reality – the place where the virtual world enters into the physical world. I’ve found some interesting things around this area and also discovered and brainstormed a few other things that might interest you, which I am planning to cover soon. Before watching the video, please read on!

Now… it is really pointless to talk about what SecondLife is. If you don’t know, download the software and check it out for yourself. We are not interested in the basics. What is more interesting to understand is what malicious minds can do with it. To a great extent, SecondLife resembles some of the characteristics of The Matrix (I know that this sounds lame and geeky, however…). It is no longer 2D, as is the case with the Web. It is 3D! Some of you may perceive this obvious conclusion as not a big deal, but in practice it does introduce quite a few changes which I/we cannot easily ignore and have to deal with, especially when it comes to security, privacy, and all the other things malicious minds can abuse.

The biggest obstacle when it comes to things such as SecondLife is the perception of space. It is easy to locate things on the Web, because the information is organized around a 2D structure. We do have things such as depth (link depth) and I guess that some of you may perceive this as another dimension, but the fact is that we work in a 2D world and that is all there is to it.

In SecondLife the situation is much different. First of all, the space is 3D. An object can be anywhere. It could be on the left, on the right, underneath or 50ft. above the ground. This object can also be composed of parts located in different places. It is obvious that, navigation-wise, it is a lot harder to find things you are not specifically looking for. Therefore, it is generally easier to hide things inside the world, like for example valuable artifacts.

What does this mean in terms of security? Let’s put it this way (examples are always helpful): It is possible to build botnet command and control centers on top of SecondLife that only those who have developed them know how to find. Suddenly, portscanners and other network tools become absolutely useless. The 3D nature of SecondLife has made one technology obsolete and replaced it with another. I call this evolution.

My example is probably one of the lamest but I hope that it does give you some food for thought. Another obvious difference is that conversations and meetings can take place in random places which cannot be easily discovered. Think about The Matrix for a second. The opposition, Morpheus and the other guys, conduct their secret meetings inside The Matrix. Why on earth would you like to do that? Technically, it should be possible to detect when something like this happens. Though, the truth is far from what we believe is technically possible. Because of the nature of The Matrix, it is extremely hard to differentiate malicious from non-malicious activities. The Matrix sees a bunch of guys dressed in nice suits, having a chat in some basement (I think that I can write a signature for that). Nothing more! It is the same with SecondLife.

I am going to leave you in peace with this for now! Check out the video at the top of the post. I find it amusing and at the same time very worrying. If you are serious about security and you have the hacker mindset you should really pay attention to SecondLife. There is a lot going on and some of these developments may easily be part of your next pentest.