Potential Xbox Live hacking related to FIFA 12

No it isn't. The scale of the problem would be completely different.

I'm thinking of it this way. If a hacker finds an exploit MS doesn't know about and gains access to the system, that's practically an act of god. There's no such thing as a 100% secure system. I can forgive that. If MS stores passwords such that any random customer service rep can actually read them, that's a bad thing that is their fault. Further, if they are letting CSRs give out existing passwords over the phone, that is inexcusable. Like I said, I don't think that's what is happening, but if it was I would not be very forgiving.
 
The phishing stuff is getting crazy, so crazy that the response is almost as crazy, but I guess needed.

Up to FIVE security Questions, whenever you log in from an unknown IP/Location/Computer.

That is Star Wars: The Old Republic :)
 
Having security questions is a crazy response? My bank has been doing this for 10 years.
 
Bizarrely my bank recently changed its added security from requiring a separate card password per transaction to none whatsoever. They've actually reduced security! :oops:
 
AFAIK you have to answer all five questions before you can log in; I haven't seen that before.

In Denmark there is a solution that is supported by EVERYONE: pension funds, banks and official stuff, etc.

Called "NemID". You got a card with a printed list of numbers. Whenever you log in to a bank, you are asked to provide a number from row "X". Like a printed electronic secure token, and yes, the electronic token is also something you can get.
 
No, you don't have to answer 5 questions; even having 5 questions for SWTOR is optional, 3 are required. You are asked 1.
 
Personally I think it's all from the PSN hack. People using the same email addresses & passwords on different sites. ;)

Tommy McClain
 
Other victims already confirmed they have different or even unique passwords on XBL, especially after the PSN intrusion. Assuming they are telling the truth, this is one of the reasons I doubt the XBL incidents are pure phishing. And as you can see, it's still on-going.

Whatever the trick or hole is, I don't think the end users are necessarily at fault.

Since you brought up PSN, what did Sony do to detect and lock down the successful but suspicious logins a couple of months ago? Should there be an additional check during payment? I sure hope they observe these incidents and learn from them too. Hackers will someday try the same on PSN if not already.

The XBL customer service also forgets to (remind users to) reset the security questions, so some victims are hit again after they got their accounts back.
 
The recent incident I'm guessing was detected as an abnormal number of failing login attempts from a narrow range of IP addresses. You'd hope MS would have similar detection capabilities, but who knows? For all we know MS behind the scenes honestly believes the phishing explanation and aren't looking any deeper into it. In any case Xbox Live definitely needs some of the SteamGuard style protections where logging in from a new system requires a confirmation through email, changing anything removes all your payment information, etc.
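
The detection idea raised in the post above (many failed logins from a narrow IP range, followed by review of any successful logins from that range), as an added example that is not part of any post in this thread. The log events, the /24 grouping, the 5-minute window and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed sample log: (timestamp, source IP, account, outcome)."""
    t0 = datetime(2012, 1, 1, 12, 0, 0)
    events = []
    # 30 failed logins against 30 different accounts from three hosts in one /24
    for i in range(30):
        events.append((t0 + timedelta(seconds=2 * i),
                       f"203.0.113.{10 + i % 3}", f"user{i}", "fail"))
    # One guess finally works: a successful but suspicious login
    events.append((t0 + timedelta(seconds=61), "203.0.113.11", "user7", "ok"))
    # An ordinary user who mistypes once and then logs in
    events.append((t0 + timedelta(seconds=5), "198.51.100.20", "alice", "fail"))
    events.append((t0 + timedelta(seconds=9), "198.51.100.20", "alice", "ok"))
    return events

def subnet_of(ip, prefix=24):
    # Group sources by network so an attacker rotating hosts is still counted once
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def suspicious_logins(events, window=timedelta(minutes=5),
                      min_failures=20, min_accounts=10):
    """Return (flagged_subnets, successes_to_review).

    A subnet is flagged when, inside the sliding window, it produced at least
    min_failures failed logins spread over at least min_accounts accounts.
    Any later success from a flagged subnet is queued for lock-down or review.
    """
    recent = defaultdict(list)   # subnet -> [(timestamp, account)] recent failures
    flagged, review = set(), []
    for ts, ip, account, outcome in sorted(events):
        net = subnet_of(ip)
        recent[net] = [(t, a) for t, a in recent[net] if ts - t <= window]
        if outcome == "fail":
            recent[net].append((ts, account))
            accounts = {a for _, a in recent[net]}
            if len(recent[net]) >= min_failures and len(accounts) >= min_accounts:
                flagged.add(net)   # stays flagged for the rest of this run
        elif net in flagged:
            review.append((ts, ip, account))
    return flagged, review
```

Requiring many distinct accounts, not just many failures, keeps a single user who forgot a password from flagging a shared network.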
 
I don't think you understood my point: There wasn't just one Sony network compromised as there was PSN and there was SOE and SPE and ... and to my second point there are many ways to fish for this info, e.g. compromised online BBs, old compromised data from online stores, etc. Culling data from databases and testing against a network isn't impossible.

I have no clue if MS has been compromised. I haven't followed this much, but it seems that there is some odd association with EA online enabled software so there may be a compromise somewhere between Live and EA.
 
Beetlejuice



I wonder how many million live accounts hacked stories are brewing for next week. Reminds me of the Mac vs PC ad campaign where every infection was lumped in as a PC virus. PC users tried to teach there's a difference between a virus, malware, trojan but nobody listened. Then Mac users began to teach the difference between malware and a virus once macs got hit with more and more malware. ;)

Why not release the actual number? "Less than a million hacked due to this latest attempt" is pretty vague. Other companies always quote an absolute figure for reporting incidents. They are not doing themselves a favor here.

If it's 100,000 cases, the $$$ loss is already US$10 million or more based on The Sun's average incident estimate of £100 (or US$100+ for GAF thread victims).

If it's 500,000 cases, it's US$50 mil. If it's closing in on 1,000,000, it will scale towards US$100 million.

Specifying an accurate number will curb the talk. And f*ck, the hackers are getting rich if they can monetize this fully.

And they should fix their customer service procedure to prevent multiple incidents from happening.
 
I don't think you understood my point: There wasn't just one Sony network compromised as there was PSN and there was SOE and SPE and ... and to my second point there are many ways to fish for this info, e.g. compromised online BBs, old compromised data from online stores, etc. Culling data from databases and testing against a network isn't impossible.

I have no clue if MS has been compromised. I haven't followed this much, but it seems that there is some odd association with EA online enabled software so there may be a compromise somewhere between Live and EA.

Some victims reported that they have unique passwords for XBL, and some of them don't have EA accounts prior to the hack. It may be due to a number of techniques but XBL should develop capability to detect and minimize them further.
 
Seeing as the 1M number isn't a quote it would be curious to get what was SAID before running off on some tangent. Did they say 1M? A

But I bet that is why MS is being coy: They are not only a target for exploits but also for the shill noise. Quick, point out a shill who will make a clear distinction between an account being compromised and a network being compromised. <crickets> If this is a case of an external compromise (e.g. individual accounts exploited through outside data mining) there is nothing in particular to resolve than to work with the individuals compromised. Why give fodder to the shills to trumpet a hack when a network hacking has not occurred?

I doubt they are being coy because they don't know what the problem is (per a previous poster--my little bitty Linux box does the tracking he was indicating MS may not be doing). And I doubt they are just sitting on their hands saying it is only phishing. This is more of a story in progress for outsiders and any quiet is due to the lack of advantage of announcing it. Worst case is the hole is still open and they want to announce an exploit after it has been or can be patched.
 