Xbox Live Vulnerability Exposed! Microsoft Ignored The Truth

 5 years ago '11        #1


Jesszman 2208 heat pts2208
What started as a supposed FIFA 12 hack turns out to be more than that. Xbox Live has a serious security flaw and Microsoft ignored it for way too long. We have uncovered how easy it is for hackers or anybody with some free time to hack your Xbox Live account.

I spoke with Jason Coutee, a network infrastructure manager who had his Xbox Live account hacked. 8000 Microsoft points were purchased on his account, so he did what any one of us would do and called Xbox support. A transaction for Xbox Live Family Pack was in the middle of being processed and he was able to cancel it before it went through. Unfortunately Xbox couldn't refund him for the 8000 Microsoft points but offered to freeze his account for 30 days to investigate. Jason declined the investigation so that he could do his own investigation. For the next couple of weeks Jason went searching for vulnerabilities that may have caused the hack. He then found Xbox 360's Achilles heel: Xbox.com.

The first step was to gather the Windows Live IDs of gamertags. So after a round of Halo Reach, he gathered a list of gamertags and entered them individually on Google. Thanks to Facebook, Twitter, or any other links that have their email advertised, hackers now have a potential list of Windows Live IDs. Now the hackers check to see if the email is a valid Windows Live ID. To do this, hackers head to Xbox.com, typing in the email and a random password like blah.

If the hacker got the error message “account is invalid” they move on to another email.






When the hacker comes across the error message “password is wrong” then that account is in trouble.






Now with a simple script, hackers can brute force their way into your Xbox Live account. The script would batch run a list of potential passwords, which anybody can find online with a simple Google search. The script will attempt to enter these potential passwords until it gets in. Xbox allows you to enter your password incorrectly 8 times on the website, then it asks for a CAPTCHA code. When hackers get to that CAPTCHA code, there is a link for “try with another Live ID”. Clicking this link resets the CAPTCHA code and hackers can continue to force their way in 8 more times before they need to click the link again. This process can easily be automated by a skilled hacker. Once a hacker is in your account, nothing is safe. Hackers will take your credit card info, Netflix, Hulu Plus, the works.

So what are hackers going to do with your hacked account? Most likely purchase games and Microsoft points, change your gamertag and the email associated with it, then sell it online. For extra kicks they might also purchase an Xbox Family pack to add 3 more gamertags to their arsenal. Hackers are known to do this several times a day, making several hundred dollars a day off of Microsoft’s laziness and your money.

Jason Coutee attempted to call Microsoft to report his findings and Microsoft Headquarters gave him the runaround, instructing him to email helpnow@microsoft.com. He also tried calling 1-800-4-MY-XBOX, where he spoke with a supervisor. The supervisor instructed him to take it to the Xbox.com forums. His latest attempt was with the Piracy and Phishing department at Microsoft, who wouldn’t help him with anything Xbox related. Everybody at Microsoft refused to acknowledge the issue and because of that, gamertags are still being hacked. Microsoft can easily fix this issue by sending an email to people when there are more than X amount of failed login attempts and by storing session IDs.



Thanks to Jason Coutee and Jesszman



 Xbox Live Vulneribility Exposed! Microsoft Ignored The Truth - AnalogHype
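
One way a login endpoint can close the three gaps the article describes (distinct "account is invalid" / "password is wrong" messages, a CAPTCHA counter the client can reset, and no alert to the account owner), added here as an example and not code from the article or from Microsoft. `LoginGuard`, `hash_password`, the value of `NOTIFY_AFTER` and the 15-minute window are assumptions; only the 8-attempt CAPTCHA threshold comes from the article.

```python
import hashlib, hmac, os, time
from collections import defaultdict

GENERIC_ERROR = "invalid_credentials"  # same reply for unknown ID and wrong password
CAPTCHA_AFTER = 8       # threshold quoted in the article
NOTIFY_AFTER = 5        # the article's "X"; value assumed for this example
WINDOW_SECONDS = 900    # assumed sliding window for counting failures

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:
    def __init__(self, accounts, notify):
        self.accounts = accounts            # email -> (salt, password hash)
        self.notify = notify                # callback(email, failure_count)
        self.failures = defaultdict(list)   # email -> failure timestamps, kept server side
        # Dummy record so unknown IDs cost the same hashing work as real ones.
        self._dummy = (os.urandom(16), os.urandom(32))

    def attempt(self, email, password, captcha_solved=False, now=None):
        now = time.time() if now is None else now
        email = email.strip().lower()
        recent = [t for t in self.failures[email] if now - t < WINDOW_SECONDS]
        self.failures[email] = recent
        # The counter is keyed by the submitted ID and stored on the server,
        # so a fresh session or a "try another ID" link cannot reset it.
        if len(recent) >= CAPTCHA_AFTER and not captcha_solved:
            return "captcha_required"
        salt, expected = self.accounts.get(email, self._dummy)
        matches = hmac.compare_digest(hash_password(password, salt), expected)
        if matches and email in self.accounts:
            self.failures[email] = []
            return "ok"
        recent.append(now)
        # Alert the real owner once when the failure count reaches the threshold.
        if email in self.accounts and len(recent) == NOTIFY_AFTER:
            self.notify(email, len(recent))
        return GENERIC_ERROR
```

Failures are counted for unknown IDs as well, so the CAPTCHA prompt itself does not reveal which e-mail addresses are registered.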

173 comments for "Xbox Live Vulnerability Exposed! Microsoft Ignored The Truth"

 5 years ago '04        #2
DJKromeX 39 heat pts39
Shout outs to Jesszman
 5 years ago '11        #3
Jesszman 2208 heat pts2208 OP
Thanks Krome, glad I could help!
 01-12-2012, 10:39 PM         #4
SmooveDude 
thats sucks for people who like twitter and facebook

but since i dont do the whole social networking thing im good to go
 5 years ago '11        #5
dom 30 heat pts30
So once again Microsoft could have prevented some really bad sh*t from happening and didnt. Microsoft makes money off this sh*t. I cant wait to read what DJ, flawless image and the rest of Xbox's cronies say about this sh*t.

Hey wait they havent responded yet. Lets really pay attention to the first thing they mention. I bet yall they gonna do 1 or 2 things- Attack Jezzsman for posting this thread or bring up issues with Sony. There's NOTHING IN THIS ARTICLE ABOUT SONY. THIS HAS NOTHING TO DO WITH SONY. There going to be the one's to bring Sony into this. Watch and see. There going to defend Microsoft for having bush league a.ss security. peep game
 5 years ago '11        #6
Jesszman 2208 heat pts2208 OP
umm, DCM, technically you just brought up sony lol.
 5 years ago '11        #7
dom 30 heat pts30
 Jesszman said:
umm, DCM, technically you just brought up sony lol.
Yeah I know but I didnt compare the 2 companies or say Sony was the answer. This is still about Microsoft Security problems
 5 years ago '11        #8
Jesszman 2208 heat pts2208 OP
Yeah, i feel you.
 5 years ago '05        #9
Krazie 128 heat pts128
Social engineering isn't a new thing, but that's pretty lacking on Microsoft's part if they don't lock attempts after so many tries, even with a capture image.
 5 years ago '11        #10
Jesszman 2208 heat pts2208 OP
 DJ Krayzie said:
Social engineering isn't a new thing, but that's pretty lacking on Microsoft's part if they don't lock attempts after so many tries, even with a capture image.
 5 years ago '05        #11
Krazie 128 heat pts128
 Jesszman said:
What?
 5 years ago '11        #12
Jesszman 2208 heat pts2208 OP
idk lol. have you played asura's wrath?
 5 years ago '05        #13
Krazie 128 heat pts128
 Jesszman said:
idk lol. have you played asura's wrath?
Not yet.. I'm kinda psyched to try it though. I don't usually mess with demos, so I'll just Gamefly it when I get the chance.
 5 years ago '11        #14
dom 30 heat pts30
Asura's Wrath, the demo didnt do it for me. He look corney wit 6 arm's to me
 5 years ago '11        #15
One Gud Cide 25 heat pts25
This isn't Microsofts problem at all. You can do this on literally every single site/form/etc that has a username and pass. All they're doing is trying to guess your password.

Now with a simple script, hackers can brute force their way into your Xbox Live account. The script would batch run a list of potential password, which anybody can find online with a simple Google search. The script will attempt to enter these potential passwords until it gets in.
If you're still stupid enough to use passwords like "12345" "password" etc, then basically you deserve to have your account stolen.

People think "oh it says mix upper/lowercase letters, mix in numbers, and don't use words" it's just written there for no reason.
 5 years ago '11        #16
Jesszman 2208 heat pts2208 OP
Son, the second level of the demo was amazing.
 5 years ago '07        #17
I bleed GREEN 29 heat pts29
 DominationCM said:
So once again Microsoft could have prevented some really bad sh*t from happening and didnt. Microsoft makes money off this sh*t. I cant wait to read what DJ, flawless image and the rest of Xbox's cronies say about this sh*t.

Hey wait they havent responded yet. Lets really pay attention to the first thing they mention. I bet yall they gonna do 1 or 2 things- Attack Jezzsman for posting this thread or bring up issues with Sony. There's NOTHING IN THIS ARTICLE ABOUT SONY. THIS HAS NOTHING TO DO WITH SONY. There going to be the one's to bring Sony into this. Watch and see. There going to defend Microsoft for having bush league a.ss security. peep game
yeah i hadnt responded yet,damn guess i shouldve got on here on my phone to check for new threads about xbox security while i was out. funny for calling me out though cause really im not an xbox cronie i just like calling sony fanboys out,when i see a spade i call it a spade whether or not they try to act like they arent undercover fanboys.

and this doesnt surprise me at all people do this on all kinds of websites
 5 years ago '05        #18
Krazie 128 heat pts128
 One Gud Cide said:
This isn't Microsofts problem at all. You can do this on literally every single site/form/etc that has a username and pass. All they're doing is trying to guess your password.



If you're still stupid enough to use passwords like "12345" "password" etc, then basically you deserve to have your account stolen.

People think "oh it says mix upper/lowercase letters, mix in numbers, and don't use words" it's just written there for no reason.
Yeah, it's a flaw, but it truly is the user's fault even more so. This is why I use a completely unique LIVE ID than I use for anything else anymore.
 5 years ago '06        #19
coolio 57 heat pts57

[pic - click to view]

 5 years ago '11        #20
dom 30 heat pts30
 Flawless Image said:
yeah i hadnt responded yet,damn guess i shouldve got on here on my phone to check for new threads about xbox security while i was out. funny for calling me out though cause really im not an xbox cronie i just like calling sony fanboys out,when i see a spade i call it a spade whether or not they try to act like they arent undercover fanboys.

and this doesnt surprise me at all people do this on all kinds of websites
I knew I was going to get your attention not by mentioning your name but by capitalizing SONY. But on a real note it dont matter if its SONY or Microsoft getting your sh*t jacked by a bi*ch a.ss hacker isnt funny at all