Latest Andru Edwards Videos

Xbox Live Gamertags and passwords purportedly leak

Posted by Andru Edwards Categories: Corporate News, Microsoft, Xbox Live,

Xbox Live hack

UPDATE: Microsoft responded to our request for comment with the following statement from a spokesperson, which indicates that the company regards the "xbox dump" user information as a minor phishing incident, not a major network breach:

"We do not have any evidence the Xbox Live service has been compromised. We take the security of our service seriously and work on an ongoing basis to improve it against evolving threats. However, we are aware that phishing attackers will occasionally post small lists of victims on public channels, and we will work directly with the impacted members to resolve any unauthorized changes to their accounts. As always, we highly recommend our members follow the Xbox Live Account Security guidance provided at www.xbox.com/security to protect your account."

Microsoft may be sweating out a possible rehash of Sony's PlayStation Network nightmare from earlier this year if an anonymous posting of dozens of purported Xbox Live Gamertags and passwords is what it claims to be.

We've seen an anonymous Pastebin.com data dump called "xbox dump" posted Monday that contains more than 90 supposed gamertags, most with associated email addresses and passwords.

Microsoft had yet to respond to a request for more information and it couldn't be confirmed Tuesday if the Pastebin document contained real Xbox Live user information. Even if a number of Xbox Live members had their private information compromised somehow, it obviously would remain to be seen if the "xbox dump" document was part of a larger security breach or just a one-off affair.

Click to continue reading Xbox Live Gamertags and passwords purportedly leak

Gallery: Xbox Live Gamertags and passwords purportedly leak


Advertisement

Sony Playstation Network back online in most areas

Sony Online Entertainment brought its PlayStation Network back online (after a major security breach took PSN down) in parts of Europe and the U.S. Saturday, but some 12 hours after the announcement many PSN customers were left wondering when it would be their turn.

At about 8:30 p.m. ET Saturday, Sony announced it would begin a "phased" return of PSN services to customers following a three-week outage caused by a hack of the network that forced the company to take it down. But a map of the U.S. that Sony is updating to reflect when its network goes live in individual states was left with numerous states without service in the Midwest, South and Northeast as of about 8 a.m. ET.

Several hours after the initial announcement, readers in Texas, Illinois and other states were complaining that PSN service had not been restored to their areas. Sony had warned that it would "take several hours to restore PSN throughout the entire country."

Meanwhile, PSN customers in Australia and the Caribbean wondered when their areas would go back online. Sony's Saturday announcement only referred to Europe and North America.

The company issued a further notice to PSN customers whose service had been turned on but who still weren't able to access the network:

Click to continue reading Sony Playstation Network back online in most areas

Gallery: Sony Playstation Network back online in most areas


Skyscraper Space Invader Worries Security Experts

Posted by Sheila Franklin Categories: Action, Corporate News, Retro,

We know that security experts are fairly nervous of late and this video of Skyscraper Space Invaders seemed to really freak out McAffee. “Perhaps the first demo was just for fun, but the others will have less juvenile goals,” said McAfee Avert Labs researcher Francois Paget.

Yves Peitzner, director of Brainstormclub, the German company that produced the video, said that this was a promotional idea for a video game conference. They produced it even when the planners backed out. Two buildings in Munich were used and the game was added in post production.

Read More | Wired

Gallery: Skyscraper Space Invader Worries Security Experts


BMW/Thermaltake Level 10 Gaming Tower

Posted by Sheila Franklin Categories: Corporate News,

Level 10Thermaltake contracted BMW DesignWorksUSA, a subsidiary of the German auto company, to co-create a new game system concept. Components are placed on the outside of the “Level 10” to remain cool and are enclosed in their own protective cases for interchangeability. The team calls the design a “strong architectural statement.” The gaming tower also features a smart lock system with a USB memory key that activates the system as well as keeping personal data secure.

Read More | Autoblog

Gallery: BMW/Thermaltake Level 10 Gaming Tower


Xbox 360 Security Hole Revealed, Already Patched

Xbox 360 The Bugtraq mailing list recently published the details of an unsigned code execution security hole on the Xbox 360. The timeline of the security hole would seem to make this vulnerability the same one demonstrated at last year’s 23C3 Hacker Congress, as seen in this excerpt:

Timeline:
Oct 31, 2006 - release of 4532 kernel, which is the first version
containing the bug
Nov 16, 2006 - proof of concept completed; unsigned code running in
hypervisor context
Nov 30, 2006 - release of 4548 kernel, bug still not fixed
Dec 15, 2006 - first attempt to contact vendor to report bug
Dec 30, 2006 - public demonstration
Jan 03, 2007 - vendor contact established, full details disclosed
Jan 09, 2007 - vendor releases patch
Feb 28, 2007 - full public release

The public demonstration date is key; that would be the same date of the anonymous Xbox 360 hacker video release. Further, the overview of the vulnerability claims:

We have discovered a vulnerability in the Xbox 360 hypervisor that allows
privilege escalation into hypervisor mode. Together with a method to
inject data into non-privileged memory areas, this vulnerability allows
an attacker with physical access to an Xbox 360 to run arbitrary code
such as alternative operating systems with full privileges and full
hardware access.

According to the release, Microsoft has patched the vulnerability as of January 9th, but then Sony thought they had patched the Grand Theft Auto: Liberty City Stories security hole as well. The existence of such a vulnerability indicates that the security of the Xbox 360 isn’t as bulletproof as Microsoft intended, and it would seem a mere matter of time before another exploitable hole is found to enable homebrew development on the system.

Read More | SecurityFocus via Xbox Scene

Gallery: Xbox 360 Security Hole Revealed, Already Patched


Wii Web Browser Susceptible to Opera Vulnerability

Description

Obviously, Nintendo has been careful to state that the current Wii Web Browser is merely a trial, “beta” version, but this most recent report should make users a little more cautious when taking their Wii online.

The following security report was released by security & vulnerability research lab iDefense and pertains to the version of the Opera web browser currently implemented on the Wii console.

Remote exploitation of a typecasting bug in Opera Software ASA’s Opera Web browser could allow an attacker to execute arbitrary code on the affected host.

A flaw exists within Opera’s Javascript SVG implementation. When processing a createSVGTransformFromMatrix request Opera does not properly validate the type of object passed to the function. Passing an incorrect object to this function can result in it using a pointer that is user controlled when it attempts to make the virtual function call.

The question, of course, is whether it would be worth any hacker’s while to write malicious executable code specifically for the Wii’s proprietary linux-based OS. Of course, given the vitriol with which PS3 and Nintendo fanboys have been attacking eachother recently (note that both Nintendo’s and Sony’s respective Wikipedia entries are locked!), perhaps writing malicious code for opposition consoles could signify the next great front in the console wars.

Read More | iDefense.com

Gallery: Wii Web Browser Susceptible to Opera Vulnerability


Second Life Database Suffers Huge Security Breach

Second Life LogoToday Linden Labs notified users that on or about September 6th, a Second Life database server was compromised and that hackers may have gained access to users’ personal information including names, addresses, encrypted passwords and encrypted payment information. While, according to their press release there was no indication that the hackers could compromise users’ online accounts, Linden is forcing all of their users to change their Second Life passwords in response to the breach.

From the release:

“We’re taking a very conservative approach and assuming passwords were compromised and therefore we’re requiring users to change their Second Life passwords immediately,” said Cory Ondrejka, CTO of Linden Lab. “While we realize this is an inconvenience for residents, we believe it’s the safest course of action. We place the highest priority on protecting customer data and will continue to take aggressive measures to protect the privacy and security of the community.”

With more and more online games every year (most of them requiring payment of some type), the issue of data security could quickly become a major focus for game makers. Will we be seeing a Microsoft-circa-2000-esque push toward writing secure game code in the near future? It couldn’t hurt to start soon…

Read More | http://secondlife.com/corporate/bulletin.php

Gallery: Second Life Database Suffers Huge Security Breach


Advertisement