Xbox Live Vulnerability Exposed! Microsoft Ignored The Truth

 6 years ago '11        #1


Jesszman 2209 heat pts2209



What started as a supposed Fifa 12 hack turns out to be more than that. Xbox Live has a serious security flaw and Microsoft ignored it for way too long. We have uncovered how easy it is for hackers or anybody with some free time to hack your Xbox Live account.

I spoke with Jason Coutee, a network infrastructure manager who had his Xbox Live account hacked. 8000 Microsoft points were purchased on his account, so he did what any one of us would do and called Xbox support. A transaction for Xbox Live Family Pack was in the middle of being processed and he was able to cancel it before it went through. Unfortunately Xbox couldn't refund him for the 8000 Microsoft points but offered to freeze his account for 30 days to investigate. Jason declined the investigation so that he could do his own investigation. For the next couple of weeks Jason went searching for vulnerabilities that may have caused the hack. He then found Xbox 360's Achilles heel, Xbox.com.

The first step was to gather the Windows Live IDs of gamertags. So after a round of Halo Reach, he gathered a list of gamertags and entered them individually on Google. Thanks to Facebook, Twitter, or any other links that have their email advertised, hackers now have a potential list of Windows Live IDs. Now the hackers check to see if the email is a valid Windows Live ID. To do this, hackers head to Xbox.com, typing in the email and a random password like blah.

If the hacker got the error message “account is invalid” they move on to another email.






When the hacker comes across the error message “password is wrong” then that account is in trouble.






Now with a simple script, hackers can brute force their way into your Xbox Live account. The script would batch run a list of potential passwords, which anybody can find online with a simple Google search. The script will attempt to enter these potential passwords until it gets in. Xbox allows you to enter your password incorrectly 8 times on the website, then it asks for a CAPTCHA code. When hackers get to that CAPTCHA code, there is a link for “try with another Live ID”. Clicking this link resets the CAPTCHA code and hackers can continue to force their way in 8 more times before they need to click the link again. This process can easily be automated by a skilled hacker. Once a hacker is in your account, nothing is safe. Hackers will take your credit card info, Netflix, Hulu Plus, the works.

So what are hackers going to do with your hacked account? Most likely purchase games and Microsoft points, change your gamertag and the email associated with it, then sell it online. For extra kicks they might also purchase an Xbox Family pack to add 3 more gamertags to their arsenal. Hackers are known to do this several times a day, making several hundred dollars a day off of Microsoft’s laziness and your money.

Jason Coutee attempted to call Microsoft to report his findings and Microsoft Headquarters gave him the runaround and instructed him to email helpnow@microsoft.com. He also tried calling 1-800-4-MY-XBOX, where he spoke with a supervisor. The supervisor instructed him to take it to the Xbox.com forums. His latest attempt was with the Piracy and Phishing department at Microsoft, who wouldn’t help him with anything Xbox related. Everybody at Microsoft refused to acknowledge the issue and because of that, gamertags are still being hacked. Microsoft can easily fix this issue by sending an email to people when there are more than X amount of failed login attempts and by storing session IDs.



Thanks to Jason Coutee and Jesszman



 Xbox Live Vulneribility Exposed! Microsoft Ignored The Truth - AnalogHype
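
A defensive sketch of the fixes the post above points at, added here as an example (it is not part of the original post and not Microsoft's code): one generic error for unknown accounts and wrong passwords, a failure counter kept on the server per targeted account so nothing the client clicks can reset it, and an owner notification after X failures. The `LoginGuard` class, the `notify` callback, and every threshold except the 8-attempt figure from the post are assumptions.

```python
import hashlib, hmac, os, time

MAX_FAILURES = 8           # the post's figure: 8 wrong passwords, then CAPTCHA
NOTIFY_AFTER = 5           # the "X" in the suggested fix (assumed value)
WINDOW_SECONDS = 15 * 60   # how long a failure counts (assumed value)
GENERIC_ERROR = "The email or password is incorrect."

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:
    def __init__(self, notify):
        self.users = {}       # email -> (salt, password hash)
        self.failures = {}    # email -> failure timestamps, server side only
        self.notify = notify  # hypothetical callback(email, failure_count)
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = _hash("placeholder", self._dummy_salt)

    def register(self, email, password):
        salt = os.urandom(16)
        self.users[email.lower()] = (salt, _hash(password, salt))

    def login(self, email, password, captcha_ok=False, now=None):
        now = time.time() if now is None else now
        email = email.lower()
        # Counter is keyed by the targeted account, not by session or page
        # state, so starting over with "another ID" does not clear it.
        recent = [t for t in self.failures.get(email, []) if now - t < WINDOW_SECONDS]
        self.failures[email] = recent
        if len(recent) >= MAX_FAILURES and not captcha_ok:
            return "captcha_required"
        # Unknown accounts take the same hashing path and get the same answer.
        salt, stored = self.users.get(email, (self._dummy_salt, self._dummy_hash))
        ok = hmac.compare_digest(_hash(password, salt), stored) and email in self.users
        if ok:
            self.failures.pop(email, None)
            return "ok"
        recent.append(now)
        if len(recent) == NOTIFY_AFTER and email in self.users:
            self.notify(email, len(recent))
        # Same message whether the account exists or the password is wrong.
        return GENERIC_ERROR
```

Failures are counted for unknown addresses too, so the CAPTCHA step itself does not reveal which emails are registered.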

173 comments for "Xbox Live Vulnerability Exposed! Microsoft Ignored The Truth"

 6 years ago '04        #2
DJKromeX 39 heat pts39
Shout outs to Jesszman
 6 years ago '11        #3
Jesszman 2209 heat pts2209 OP
Thanks Krome, glad I could help!
 01-12-2012, 09:39 PM         #4
SmooveDude 
that sucks for people who like Twitter and Facebook

but since i dont do the whole social networking thing im good to go
 6 years ago '11        #5
dom 30 heat pts30
So once again Microsoft could have prevented some really bad sh*t from happening and didn't. Microsoft makes money off this sh*t. I can't wait to read what DJ, flawless image and the rest of Xbox's cronies say about this sh*t.

Hey wait, they haven't responded yet. Let's really pay attention to the first thing they mention. I bet y'all they gonna do 1 or 2 things- Attack Jezzsman for posting this thread or bring up issues with Sony. There's NOTHING IN THIS ARTICLE ABOUT SONY. THIS HAS NOTHING TO DO WITH SONY. They're going to be the ones to bring Sony into this. Watch and see. They're going to defend Microsoft for having bush league a.ss security. peep game
 6 years ago '11        #6
Jesszman 2209 heat pts2209 OP
umm, DCM, technically you just brought up sony lol.
 6 years ago '11        #7
dom 30 heat pts30
 Jesszman said:
umm, DCM, technically you just brought up sony lol.
Yeah I know but I didnt compare the 2 companies or say Sony was the answer. This is still about Microsoft Security problems
 6 years ago '11        #8
Jesszman 2209 heat pts2209 OP
Yeah, i feel you.
 6 years ago '05        #9
Krazie 133 heat pts133
space
avatar space
space
$44,540 | Props total: 17696 17696
Social engineering isn't a new thing, but that's pretty lacking on Microsoft's part if they don't lock attempts after so many tries, even with a capture image.
 6 years ago '11        #10
Jesszman 2209 heat pts2209 OP
 DJ Krayzie said:
Social engineering isn't a new thing, but that's pretty lacking on Microsoft's part if they don't lock attempts after so many tries, even with a capture image.
 6 years ago '05        #11
Krazie 133 heat pts133
 Jesszman said:
What?
 6 years ago '11        #12
Jesszman 2209 heat pts2209 OP
idk lol. have you played asura's wrath?
 6 years ago '05        #13
Krazie 133 heat pts133
 Jesszman said:
idk lol. have you played asura's wrath?
Not yet.. I'm kinda psyched to try it though. I don't usually mess with demos, so I'll just Gamefly it when I get the chance.
 6 years ago '11        #14
dom 30 heat pts30
Asura's Wrath, the demo didnt do it for me. He look corney wit 6 arm's to me
 01-13-2012, 12:00 AM         #15
One Gud Cide 
This isn't Microsoft's problem at all. You can do this on literally every single site/form/etc that has a username and pass. All they're doing is trying to guess your password.

Now with a simple script, hackers can brute force their way into your Xbox Live account. The script would batch run a list of potential password, which anybody can find online with a simple Google search. The script will attempt to enter these potential passwords until it gets in.
If you're still stupid enough to use passwords like "12345" "password" etc, then basically you deserve to have your account stolen.

People think "oh it says mix upper/lowercase letters, mix in numbers, and don't use words" it's just written there for no reason.
 6 years ago '11        #16
Jesszman 2209 heat pts2209 OP
Son, the second level of the demo was amazing.
 6 years ago '07        #17
I bleed GREEN 34 heat pts34
 DominationCM said:
So once again Microsoft could have prevented some really bad sh*t from happening and didn't. Microsoft makes money off this sh*t. I can't wait to read what DJ, flawless image and the rest of Xbox's cronies say about this sh*t.

Hey wait, they haven't responded yet. Let's really pay attention to the first thing they mention. I bet y'all they gonna do 1 or 2 things- Attack Jezzsman for posting this thread or bring up issues with Sony. There's NOTHING IN THIS ARTICLE ABOUT SONY. THIS HAS NOTHING TO DO WITH SONY. They're going to be the ones to bring Sony into this. Watch and see. They're going to defend Microsoft for having bush league a.ss security. peep game
yeah i hadnt responded yet,damn guess i shouldve got on here on my phone to check for new threads about xbox security while i was out. funny for calling me out though cause really im not an xbox cronie i just like calling sony fanboys out,when i see a spade i call it a spade whether or not they try to act like they arent undercover fanboys.

and this doesnt surprise me at all people do this on all kinds of websites
 6 years ago '05        #18
Krazie 133 heat pts133
 One Gud Cide said:
This isn't Microsoft's problem at all. You can do this on literally every single site/form/etc that has a username and pass. All they're doing is trying to guess your password.



If you're still stupid enough to use passwords like "12345" "password" etc, then basically you deserve to have your account stolen.

People think "oh it says mix upper/lowercase letters, mix in numbers, and don't use words" it's just written there for no reason.
Yeah, it's a flaw, but it truly is the user's fault even more so. This is why I use a completely unique LIVE ID than I use for anything else anymore.
 6 years ago '06        #19
coolio 57 heat pts57

[pic - click to view]

 6 years ago '11        #20
dom 30 heat pts30
 Flawless Image said:
yeah i hadnt responded yet,damn guess i shouldve got on here on my phone to check for new threads about xbox security while i was out. funny for calling me out though cause really im not an xbox cronie i just like calling sony fanboys out,when i see a spade i call it a spade whether or not they try to act like they arent undercover fanboys.

and this doesnt surprise me at all people do this on all kinds of websites
I knew I was going to get your attention not by mentioning your name but by capitalizing SONY. But on a real note it dont matter if its SONY or Microsoft getting your sh*t jacked by a bi*ch a.ss hacker isnt funny at all