Xbox Live fraud: Xbox.com security tightened

xbox.com security already fixed After a potential problem "Hacking via Login Recurring" appears in various media, Microsoft fix a problem on security Xbox.com 'on the "backend" so that it appears there is no change to regular user.

Jason Coutee, the IT consultant who revealed the weak underbelly of Xbox.com, informed Eurogamer yesterday that something had changed.

"Shortly after IGN posted the Microsoft response (on Friday), the server over at Xbox.com started handling the brute force script differently," Coutee told us.
"Before, it would just let you try over and over. But now it seems that, even though I'm still able to use the link to get past the CAPTCHA, they handle the sign-in request on the server in a way that it will stop replying after about 20 attempts.

"The online safety of Xbox Live members remains of the utmost importance, which is why we consistently take measures to protect Xbox Live against ever-changing threats," the company declared.
"Security in the technology industry is an ongoing process, and with each new form of technology designed to deter attacks, the attackers try to find new ways to subvert it.
"We continue to evolve our security features and processes to ensure Xbox Live customers' information is secure.
"Online fraud and identity theft are industry-wide problems and, as such, people using any online services should set strong passwords, not share those passwords across multiple services and refrain from sharing any personal details that could leave them vulnerable.
"This is not a loophole in Xbox.com," Microsoft rejected. "The hacking technique outlined is an example of brute force attacks and is an industry-wide issue."

Last week, Eurogamer helped expose the brute-force method being used to access - and subsequently fraudulently use - Xbox Live accounts. It boiled down to being able to infinitely try Windows Live ID passwords on Xbox.com. A script to automate this procedure is apparently simple to produce and readily available online.

Source

• Share this on del.icio.us
• Digg this!
• Stumble upon something good? Share it on StumbleUpon
• Share this on Reddit
• Add this to Google Bookmarks
• Tweet This!
• Share this on Facebook
• Share this on Mixx
• Subscribe
• Buzz up!
• Share this on Linkedin
• Submit this to DesignFloat
• Share this on Technorati
• Submit this to Script & Style
• Post this to MySpace
• Share this on Blinklist
• Share this on FriendFeed
• Seed this on Newsvine