Top
150°

Xbox.com Security Toughens Up Not Enough To Stop Hackers

AnalogHype:"Jason Coutee returns to demonstrate the changes Microsoft made since the Xbox.com security flaw was exposed and how its still not enough to stop hackers."

Read Full Story >>
analoghype.com
The story is too old to be commented.
Intentions2100d ago

At least they did something to try stop it.

But at least I know that no one can hack my account. I bet you guys here can't even hack into it.

Prove me wrong.

Fishy Fingers2100d ago

Of course not, N4G is a site for fans of gaming, it's hardly a source of 'hackers' is it. Think about it.

Either way, play the numbers game, even if a few get hacked, it's highly unlikely to be you. Be smart with your details etc, you should be fine.

Flatbattery2100d ago

You seem a little over confident of a security system you have very little control of.

If Visa, Paypal and the Pentagon can get hacked, no security is 100% safe.

Yes I am aware this is likely all due to phishing scams, but don't think for one moment you could never get scammed.

Jdoki2100d ago

It's that sort of devout faith people put in company's who are primarily geared up to extract money from your wallet and maximising profit, that leads to complacency and ultimately getting ripped off.

egidem2100d ago (Edited 2100d ago )

If there's anything that I've learned from the Interwebs is that there is always a way around an obstacle. Build a security firewall and people will find ways to circumvent it. Take the SOPA thing for example.

These guys think that doing a little thing such as blocking DNS or banning certain IP addresses will do the trick. They aparently never heard of proxy servers.

Telling people that no one can hack your account is like saying that you've hidden the keys therefore no one can steal your car.

You and your Intentions have to get real.

Intentions2100d ago

Lol can't believe people took my comment seriously.

GraveLord2099d ago

Check your bank account :D

+ Show (3) more repliesLast reply 2099d ago
marison2100d ago

You could use brute force to break CAPTCHA. Let alone a simple user and password security schem. If someone use this script on other sites like Google or PSN, they will get access eventually.

That's the motivation for Google 2-step verification:
http://support.google.com/a...

Jdoki2100d ago

To call this 'hacking' gives far too much credit, and diminishes the skills and talent real hackers have (not condoning hacking, but there are some seriously talented people out there).

MS had / have a minor flaw in their security set up - part of which is to cause less inconvenience to the end user (i.e. it doesn't lock the account after X number of failed attempts). Security will always be a balance between restricting the end user and potentially leaving a hole that malicious people will exploit.

marison2100d ago

Agreed. It's only a stupid way and ubiquituous to get account credentials.

Redempteur2100d ago (Edited 2100d ago )

Except that it is not a minor flaw. Any web designer will tell you that was a major flaw in their system. Nobody should be able to retry as they wish until they found the right solution.

Are you telling me it's alright that xbox.com was /is vulnerable to brute force attacks ?

marison2099d ago

They have limited the attempts requiring more time and using captcha.

There's a compromise you could treat to your users. If they do more, legitimate users will have a non desirable expericence.

iamnsuperman2100d ago

Would love to read this article except for the large SOPA black thing is kind of in the way so have to comment based on the title

Finally doing something about it. Taken quite a while

marison2100d ago

I have read it before anti-SOPA blackout. He used a Visual Basic Script to automatize brute force login attempts.

After MS changes to the login process, he have changed the delay to more seconds.

This brute force method, after the MS changes, will only get very poor created passwords and only will work if people know a possible username (e-mail) used for Xbox Live.

iamnsuperman2100d ago

Thanks a lot +bubs. So it isn't totally fixed. Microsoft need to get on this.

marison2100d ago

It's impossible to fix to any company is more correct.

Only thing will work is change the amount of time neccessary to brute force a password and use other methods to increase security. MS did that.

MorningStar2100d ago

Yep everything is hackable. I laugh when I hear people say that their system is unhackable. Sony said such things and now it's the most hacked games console. Its the most openly moddable console. Titanic said the same thing... that ended well. Another big online game Habbo Hotel. They said their game was unhackable until their whole system was compromised a few years back. While I think Xbox Lives service is very secure and people think hacking as a general term it isn't 100% as no system is.

Irish_Fella2100d ago

People are disregarding EA here as well as MS, thankfully I had no CC info on my XBL account, but I did have around 1600 MSP which the hacker used to buy Ultimate Team Gold Packs for FIFA 12 and he stole all the players, contracts, couch's,etc from my Ultimate Team also.

Although in saying that it was a pretty poor team and I never intended on using it, but I digress.

Show all comments (19)