We’ve mentioned before that there’s a potentially huge security breach brewing over the security of the XBox 360: Gamers keep insisting their accounts are breached even when they practice good password security, and Microsoft’s response has been “You’ve gotten phished, it’s all your fault, we made sure you can’t sue us LALALALALALALA WE CAN’T HEAR YOU LALALALALALA!”
Now somebody has come forward with the likely attack…and it explains a lot.
The problem apparently lies with XBox.com. It allows eight attempts to type in your password before it throws Captcha at you, so hackers can just slam the site with usernames and a password generating script over and over. Blow it in eight attempts? Meh, just move on to the next guy. Sheer volume is their friend on this.
If this is true, and it hasn’t been confirmed by Microsoft that it is, it’s simultaneously a relief and really annoying, because, seriously, guys, eight attempts? Eight? Really? My grandmother could hack a password in eight attempts! Don’t you have highly paid security professionals, or are they the same guys that spend all their time making sure your drivers don’t work whenever you install a Windows Update?
(Image courtesy Sheryl’s Boys on Flickr)