Second Life is already a bottomless vortex for time and money, right? Now, thanks to a security flaw, residents' virtual coinage won't be wasted on clothing and other unreal bric-a-brac. Hackers Charles Miller and Dino Dai Zovi have found a QuickTime exploit which allows them to "pickpocket" unsuspecting avatars. When a resident walks by an infected piece of streaming media, it triggers a website which takes control of the avatar and cleans out its Second Life cash and property accounts.