Xbox-Scene
SecTor security conference about Xbox LIVE Hacking
Posted by XanTium | October 8 21:19 EST | News Category: Xbox360
 
From internetnews.com:
[QUOTE]
At a session during the SecTor security conference, Chris Boyd, director of research at Facetime security labs, detailed the myriad methods by which gamers -- and in particular, Microsoft Xbox 360 users -- are under attack by cyber criminals.

"Though the Xbox doesn't have the number one market share, it is the top target for hackers," Boyd said. "Xbox Live has 17 million plus subscribers and that service requires payment."

One way that attackers enumerate their targets is by way of information that is easily publicly accessible. Xbox users gain points during gameplay, which leads to a gamerscore metric. The higher the gamerscore, the more valuable the gamer account. Boyd noted there is no easy way to keep a gamerscore private.

Once the attackers have identified their target, there are multiple methods they use to try and gain control of a user's account. One method that Boyd described is by way of social engineering, a tactic that has plagued regular consumer and enterprise users for years.
[/QUOTE]

Full Story: internetnews.com




metalcoat
Every time I go on Live I see a distinctive "Microsoft will never ask for passwords or personal information". I mean, some people are just stupid. But for kids I can see this being a different story. Just do what I do and buy a card and get a month free.
darkshadow2k8
As I say, ignore people you don't know. If it's something being offered for free, don't believe it; there's no such thing as a free lunch. And don't sign in to any site that is not an official Microsoft site, plain and simple.
---=Snyper=---
Umm.. How much do they pay this guy ?
BoNg420
Yeah, little kids are pretty stupid. Actually it's not too bad that they get their accounts stolen, as 90% of them are annoying as hell to hear on Live.

If you play Halo 3, they have little messages flashing on the left side of the screen stating not to give out your password to strangers. You figure people would really be smart enough to know that a password is made to be secret, that it shouldn't be given away. Funny, kids/people give out their password to get Recon armor or free MS points and end up getting screwed.
batman91
If you get phished/scammed etc etc you deserved it.
FrostyTheSnowman
IMHO, 'social engineering' has nothing to do with hacking.

I hate it when people say their password got 'hacked' when in reality scamming someone into providing their password to you is NOT A FORM OF HACKING, it's just plain old manipulation/scamming/conning, and definitely NOT 'leet hacking'.

Retarded news post. 'Nuff said.
chronno
QUOTE(FrostyTheSnowman @ Oct 9 2009, 06:41 PM) *

IMHO, 'social engineering' has nothing to do with hacking.

I hate it when people say their password got 'hacked' when in reality scamming someone into providing their password to you is NOT A FORM OF HACKING, it's just plain old manipulation/scamming/conning, and definitely NOT 'leet hacking'.

Retarded news post. 'Nuff said.

+1

I get depressed when I hear people calling scamming hacking just because it happened online. It's annoying as hell, and there's really nothing Microsoft can do about it. They already inform people that they never ask for passwords.

And if someone is dumb enough to give their password to someone they don't know, well then, sucks to be them. Cancel your credit card, call Microsoft to get your password changed, live with the consequences.
leorimolo
The whole "security breach" that I see is that your network becomes pretty vulnerable with Xbox Live. I had a friend who had Xbox Live kids go into his network, crack his router admin password and flash a firmware that killed it. He lost his router.

trentdadi
Social engineering is just a fancy way of saying 'scam'. This in no way has anything to do with them hacking into some Microsoft accounting mainframe like the article seems to imply. It's just people with too much time on their hands preying on people with no common sense.


QUOTE
The whole "security breach" that I see is that your network becomes pretty vulnerable with Xbox Live. I had a friend who had Xbox Live kids go into his network, crack his router admin password and flash a firmware that killed it. He lost his router.


That doesn't really have anything to do with Microsoft. They were probably able to see logs from their router, see which IP it was communicating with, and were somehow able to guess (or as you say 'crack') the admin password. Your friend should make his router settings accessible only by someone within his intranet AND enable WEP or some other built-in security it has so people can't stand outside his house and reflash his router.
leorimolo
Xbox Live enabled the hackers to easily breach the home's network security; that's the point of my post.
batman91
QUOTE(leorimolo @ Oct 10 2009, 03:52 AM) *

Xbox Live enabled the hackers to easily breach the home's network security; that's the point of my post.


No. No it didn't.
So an IP was visible. This happens pretty much any time you communicate at all over the internet. An IP isn't a skeleton key to your "secure" shit. You leave admin/admin as your logon, you don't have your network secured. Your fault. XBL isn't some gateway through which bad shit can spread however it sees fit.
leorimolo
QUOTE(batman91 @ Oct 10 2009, 05:41 AM) *

No. No it didn't.
So an IP was visible. This happens pretty much any time you communicate at all over the internet. An IP isn't a skeleton key to your "secure" shit. You leave admin/admin as your logon, you don't have your network secured. Your fault. XBL isn't some gateway through which bad shit can spread however it sees fit.

No, that's not the goddamn point. I'm not saying it's going to happen to you. If someone is out to get you and knows his shit, in order for him to penetrate your home network security all he has to do is be in a game with you. I'm sorry, but this is a big security flaw, and people should realize it.

Also, a hacker in your network can do a lot of bad things. Basically start snooping all the traffic in the local network for passwords, the router thing where they flashed a wrong image on it. The people that had this shit happen to them, it wasn't over AIM, it was through Xbox Live. READ: the XBOX LIVE service is what allowed them into their network, so how is it not a security flaw? Because you say so?

So yeah I would be careful.

Edit:
QUOTE
Your friend should make his router settings accessible only by someone within his intranet AND enable WEP or some other built-in security it has so people can't stand outside his house and reflash his router.

Do you even know anything about internet security? WEP can be cracked and snooped within 10 minutes of trying to crack the wireless key.
majinsoftware
QUOTE(leorimolo @ Oct 10 2009, 07:42 PM) *

No, that's not the goddamn point. I'm not saying it's going to happen to you. If someone is out to get you and knows his shit, in order for him to penetrate your home network security all he has to do is be in a game with you. I'm sorry, but this is a big security flaw, and people should realize it.


Only thing they can get is the IP. Who cares if you can get their IP. They can't do anything unless you're a real noob and leave the default password on your router, or you have port forwarded to your computer with no password on remote desktop and such.

QUOTE

Also, a hacker in your network can do a lot of bad things. Basically start snooping all the traffic in the local network for passwords, the router thing where they flashed a wrong image on it. The people that had this shit happen to them, it wasn't over AIM, it was through Xbox Live. READ: the XBOX LIVE service is what allowed them into their network, so how is it not a security flaw? Because you say so?


They can't do anything. Back in the old days of hubs instead of switching routers they could snoop network traffic, but not anymore, since it's not sent to every port but only the one destination.

And flashing the wrong image on a router won't brick it. It will just sit in safe mode and require you to either upload a new image over serial port, JTAG or network port with the router's special software.


QUOTE

Do you even know anything about internet security? WEP can be cracked and snooped within 10 minutes of trying to crack the wireless key.


Yes, WEP is useless for anyone that's done their research. That's why you use WPA instead and use a password longer than 6 letters/numbers.
highbomber
Wow, it sounds like Microsoft could solve some of these problems with dedicated servers...
AcidPenguiN
QUOTE(highbomber @ Oct 11 2009, 06:16 PM) *

Wow, it sounds like Microsoft could solve some of these problems with dedicated servers...


No, not even one of these problems.