XBox Live ‘hacks’ debacle
p2pnet.net news:- Bill and the Boyz not only have egg all over their faces, but on their shirts, pants, shoes and socks as well.
“Online gaming forums are buzzing with reports that Xbox Live accounts linked to Microsoft’s Windows Live ID service are being hijacked by malicious hackers,” Ryan Naraine posted on ZDNet’s Zero Day blog, going on:
“Kevin Finisterre, a security researcher at Digital Munition, raised the issue on the Full Disclosure mailing list over the weekend, calling attention to rumors that Microsoft’s Bungie.net was the victim of a breach that exposed a portion of Xbox Live.”
But the Microsoft folks werekeeping their heads well down and, “Despite some recent reports and speculation, I want to reassure all of our 6 million Xbox Live members that we have looked into the situation and found no evidence of any compromise of the security of the Xbox Live Network or Bungie.net,” declared Major Nelson unequivocally on the Xbox Live blog the day after Naraine’s story.
He went on:
There have been a few isolated incidents where malicious users have been attempting to draw personal information from unsuspecting users and use it to gain access to their LIVE account. This is a good time to remind our members that they should never give out any of their personal information.
But it’s all true and users aren’t to blame after all.
Microsoft is.
“Earlier this week when I first heard about the ‘Xbox Live network hacked’ story, I checked with the people on our end, and then posted about it,” says Major Nelson, aka Larry Hryb, Xbox Live director of programming, going on:
As originally posted, Xbox Live has not been hacked. That is still true. A security researcher, Kevin Finisterre, discovered not a hack, but the fact that some accounts may have been compromised as a result of ’social engineering’, also known as ‘pre-texting’, through our support center.
Kevin gave me a call directly and once I realized what he was talking about (he sent me some painful-to-listen-to audio files) I confirmed that the team is fully aware of this issue. They are examining the policies, and have already begun re-training the support staff and partners to help make sure we reduce this type of social engineering attack.
There’s no other way to say it; this situation shouldn’t have happened. Our customers deserve better.
The Xbox team takes what happened and the resolution of it very seriously. I also wanted to let you know that we’ve posted a page on Xbox.com ‘Troubleshooting Access to your Xbox Live Account’ that can help you if you have questions. Finally, I chatted with Kevin earlier today and thanked him for bringing this issue to our attention. I also let him know that we have a much better understanding of this issue and that we are reviewing the processes in place to help prevent this in the future.
Now you know.
Also See:
Zero Day blog – Xbox Live hacked, accounts stolen, March 20, 2007
If your Net access is blocked by government restrictions, try Psiphon from the Citizen Lab at thIs the end (of the Net) nigh?zze University of Toronto’s Munk Centre for International Studies. Go here for the official download, here for the p2pnet download, and here for details. And if you’re Chinese and you’re looking for a way to access independent Internet news sources, try Freegate, the DIT program written to help Chinese citizens circumvent web site blocking outside of China. Download it here.
rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php | | And use free p2pnet newsfeeds for your site
Tired of being treated like a criminal? They depend on you, not the other way around. Don’t buy their ‘product’. Do bug your local politicians. Use emails, snail-mail, phone calls, faxes, IM, stop them in the street, blog. And if you’re into organizing, organize petitions, organize demonstrations and then turn up on your local political rep’s doorstep, making sure you’ve contacted your local tv/radio station/newspaper in advance. Don’t just complain. Do something!
