Microsoft adjusts reported Live ID security concern

Microsoft has quietly altered its Windows Live ID login in response to a reported security concern. Last week, a brute force hack was exposed, with Microsoft's phrasing of error codes and infinite attempts to access accounts helping hackers along. The security flaw gained more exposure due to the ongoing "FIFA hack" and related security concerns.

metsgaming 2225d ago

They deny it was a loophole yet they go and fix that "non existing" loophole. lol

Most websites stop you after many attempts; theirs didn't and they had to fix it. That's the gist of it.

IHateYouFanboys 2225d ago

it's not a loophole at all, and they didn't FIX anything.

they simply changed it to better stop brute force attempts. i do love how the article says:

"Microsoft has quietly altered its Windows Live ID login"

"quietly"? what do you want them to do, send out a big press release and make a TV ad? get your hand off it.

the reality is that there is nothing you can do to stop someone guessing your password. NOTHING. you can prolong how long it takes them to guess it, but if they want it they can get it eventually. if you have a strong password, it makes it unfeasible for them to do so, so they move on and find the thousands of people with 'password' as their password. this is NOT a fault with Microsoft or their XBox Live login page.

and again, since people in the comments don't seem to understand - this is NOT xbox live being hacked. it is NOT like what happened with sony and the PSN. NO ONE HAS HACKED INTO XBOX LIVE. some people's individual EMAIL accounts have been broken into via brute forcing their passwords. Xbox Live is still sealed off tighter than a seals bu.....well you get the point.

Christopher 2224d ago

***the reality is that there is nothing you can do to stop someone guessing your password. NOTHING.***

1. Kind of standard to lock out accounts and send an e-mail to the address on file when too many attempts have been tried against the account.

2. Intrusion detection and prevention systems are pretty standard and one of the primary goals of them is to detect brute force attacks and to, at the least, warn a network admin of them if not to altogether block the source of the intrusion from being able to access the system for a set period of time.

3. CAPTCHA prevents brute force attacks as well, I hear. Which is funny since they use it for resetting your password, but not for multiple failed attempts at logging into one's account, let alone just for logging in.

I agree, this is not the same as the PSN hack, far from it. But this could easily have been prevented by Microsoft ages ago. Especially considering these types of account intrusions have been occurring for many many months now.
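Added example (not from the article or any commenter, and not Microsoft's implementation): a minimal login guard combining the controls discussed above, namely a uniform error message, a CAPTCHA step after repeated failures, and a timed lockout with a notice to the address on file. The thresholds, class name and in-memory stores are assumptions for illustration.

```python
import hashlib, hmac, os, time

CAPTCHA_AFTER = 3            # assumed: failures before a CAPTCHA is demanded
MAX_FAILURES = 5             # assumed: failures before the account is locked
LOCKOUT_SECONDS = 15 * 60    # assumed lockout window
GENERIC_ERROR = "Invalid email or password."  # identical text for every failure

class LoginGuard:
    """Hypothetical in-memory guard; a real service would persist this state."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.users = {}      # email -> (salt, password hash)
        self.failures = {}   # email -> (failure count, locked-until time)
        self.notices = []    # stand-in for e-mailing the address on file

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, email, password):
        salt = os.urandom(16)
        self.users[email] = (salt, self._hash(password, salt))

    def login(self, email, password, captcha_ok=False):
        """Return (status, user-visible message)."""
        count, locked_until = self.failures.get(email, (0, 0.0))
        now = self.clock()
        if now < locked_until:
            return "locked", GENERIC_ERROR
        if count >= CAPTCHA_AFTER and not captcha_ok:
            return "captcha_required", GENERIC_ERROR
        # Unknown accounts still get a hash computed and the same message,
        # so the response does not reveal whether the e-mail exists.
        salt, stored = self.users.get(email, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), stored):
            self.failures.pop(email, None)
            return "ok", ""
        count += 1
        if count >= MAX_FAILURES:
            count, locked_until = 0, now + LOCKOUT_SECONDS
            if email in self.users:
                self.notices.append(email)  # alert the account owner
        self.failures[email] = (count, locked_until)
        return "denied", GENERIC_ERROR
```

Lockout keyed only on the account lets an attacker lock out a victim on purpose, which is why it is usually paired with the CAPTCHA step and per-source rate limiting.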

dark-hollow 2225d ago

I always wished they let us use any email for our gamertag account.
Windows Live is very bad and I only got one for the gamertag.
GMAIL ftw!!!

coryok 2225d ago

"industry wide" in the sense that everyone in the industry (no one else, it was just microsoft) stupid enough to let people do this had this problem

Godmars290 2225d ago

And yet by the title pic, ironically enough, MS won't come under fire to any level near what Sony did.

urwifeminder 2225d ago

Network is still online, people can still play, have fun, chat to friends, download demos, yet somehow it's as bad as the psn hack. It hasn't made international news on tv every five minutes, not so bad i think.

IWentBrokeForGaming 2225d ago

Just wait...

If 360 users getting hacked made it into some of the biggest newspaper releases in the UK, it'll be a matter of time till it reaches the US in some form!
