__/ [ BearItAll ] on Monday 19 March 2007 10:45 \__
> Roy Schestowitz wrote:
>
>> [Full-disclosure] Xbox live accounts are being stolen
>>
>> ,----[ Quote ]
>> | I just got off the phone with a Microsoft Tech for Xbox live that has
>> | confirmed this to with me and they have stated that accounts are
>> | being stolen and that "Hackers have control of Xbox live and there is
>> | nothing we can do about it"
>> `----
>>
>> http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053032.html
>
> These boxes can link into users computers, so you would have to assume
> until proven otherwise that the user's PC is also open to these hackers.
>
> There are credit card details involved in this too, you enter the credit
> card info and then it is used automatically if you buy anything like games
> or music.
>
> Surely the thing for MS to do is shut it down and fix it, have it
> investigated so that they can recommend action for their users.
>
> But we all know that MS will do bugger all. I would bet my left sock on
> that. This is another case that shows that such things must be taken out of
> the hands of Microsoft, they continue to put users and businesses at risk
> and quite frankly MS haven't the faintest idea of how to deal with
> situations like this or security in general, they don't give a toss about
> their users.
>
> Why does this make me angry? Because the Xbox360 I bought for the kids, I
> recently gave to a young man stuck in a wheel chair, can't move much
> without assistance, he is a little on the slow side. So the Xbox360 was a
> present he was over the moon with, he did the online signup and I know his
> has bought some bits and pieces. It doesn't feel so great knowing I gave
> him that Xbox and by doing so I may have exposed His credit card to hackers
> because of MS's totally naff skills in developement and security.
I thought you bought him (was it her?) a Nintendo Wii. Now I know who's
buying all the gifts in the family...
I can't help wondering if Microsoft is targetted here just because it's
Microsoft. They often like to use this as an excuse and I find it hard to
believe that they can't employ developers with background in security. That
said, I recently read an article which explains that not languages like PHP
are to blame, but rather the flawed computer education (or background of
developers who can use high-level languages and can therefor hop onto the
programming bandwagon quite quickly).
There's this popular dicussion about ease of use (convenience) and security,
which require balancing. But there's also this other parallel issue which is
ease of programming (or competence) and security. Too much abstraction leads
to obscurity and blissful ignorance that is dangerous.
--
~~ Best wishes
Roy S. Schestowitz | "Nothing to see in this sig, please move along"
http://Schestowitz.com | GNU/Linux | PGP-Key: 0x74572E8E
Swap: 1036184k total, 480508k used, 555676k free, 33344k cached
http://iuron.com - next generation of search paradigms
|
|
