What Security Professionals Can Learn From The 5-Year Old Xbox Hacker

Sometimes news of a security failure sends the whole web-o-sphere into a panic; Heartbleed was one such story. Other times, one can't help but laugh at how weak the security turned out to be. A story that broke last week falls into the second category: an Xbox Live account was broken into not by a teenager with too much time on his hands, not by a world-class hacker or a cyber-criminal gang, but by a five-year-old who wanted to play some games he didn't have access to.

Shortly after Christmas last year, the child's parents caught him playing games on the Xbox that he shouldn't have been able to play, having somehow hacked his father's account to buy any game he pleased.

When asked how he got into the account, the method turned out to be... well, kind of ridiculous. He first tried guessing his father's password. When that failed, he was taken to a password verification screen, where he hit the space bar a bunch of times and was logged in.

Interestingly, Microsoft offers a $10,000 bounty to hackers who can crack its systems. Given that this was more a fluke than a targeted attack, the family didn't collect that reward, but it's kind of funny that educated, technically minded hackers hunting for backdoors and weak points have nothing on a little kid who really wants to play Minecraft.

Microsoft has fixed the flaw, so don't bother trying to score some free games. Going forward, a few lessons that security professionals might want to keep in mind:
  • Don't Just Rely on Professionals
A professional tester thinks from a professional perspective. They aren't looking for dumb tricks that any five-year-old could stumble on; they're looking for, well, a challenge. When you put a $10,000 bounty on security flaws, researchers go looking for a ten-thousand-dollar hack, not a space-bar bug. Cheap, dumb inputs (empty strings, runs of whitespace, over-long values) belong in every test plan precisely because nobody is proud of finding them.
  • Keep a Five Year Old on the Payroll
Child labor laws probably won't allow this, but rewarding children and casual gamers who find a way around your checks with free games, or whatever prize fits your website or gaming service, wouldn't be a bad idea. You never know who is going to discover your weak points, so extending the bounty to anyone who finds one helps bring these weaknesses to light.
  • Double Verification Can be Annoying, but Necessary
We might not like typing our credit card number in for every single purchase, but adding an extra verification step after login, at least where money is involved, helps prevent unauthorized payments: even if someone gets into your Xbox Live or Steam account, they won't necessarily be able to make purchases in your name.
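The two lessons above, the space-bar bypass and the extra check before spending money, are easier to see in code. The following Python example is added here for illustration; it is not Microsoft's code, and the page does not say what the real Xbox bug was. The weak verifier assumes one plausible mechanism for the class of flaw (input normalisation that turns a run of spaces into "nothing to check"); the hardened verifier and the step-up purchase check show the fix and the mitigation. The stored credential, salt and names (`verify_password_weak`, `authorize_purchase`, `REAUTH_WINDOW`) are all constructed for the example.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed sample credential; not a real account. The salt and iteration
# count are illustrative (50,000 rounds keeps the example quick to run).
_SALT = b"constructed-salt-for-example"
_ITERATIONS = 50_000


def _hash(password: str) -> bytes:
    """Derive a PBKDF2-HMAC-SHA256 hash of the password exactly as typed (no trimming)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, _ITERATIONS)


STORED_HASH = _hash("correct horse battery staple")


def verify_password_weak(candidate: str) -> bool:
    """Hypothetical flawed verifier (an assumed mechanism, not Microsoft's code).

    It trims the input before comparing and treats an empty candidate as
    'nothing to check', so a run of spaces becomes '' and is accepted.
    """
    candidate = candidate.strip()
    if not candidate:
        return True          # bug: empty input bypasses the check entirely
    return _hash(candidate) == STORED_HASH


def verify_password(candidate: str) -> bool:
    """Hardened verifier: no trimming, empty input rejected, constant-time compare."""
    if not candidate:
        return False
    return hmac.compare_digest(_hash(candidate), STORED_HASH)


# --- Step-up verification for purchases -------------------------------------

REAUTH_WINDOW = 300.0   # seconds a fresh password check stays valid for purchases


class Session:
    """Minimal session: logged-in flag plus the time the password was last verified."""

    def __init__(self) -> None:
        self.logged_in = False
        self.last_verified_at: Optional[float] = None   # None until a check succeeds


def login(session: Session, password: str, now: Optional[float] = None) -> bool:
    """Log in only if the hardened verifier accepts the password."""
    if not verify_password(password):
        return False
    session.logged_in = True
    session.last_verified_at = time.monotonic() if now is None else now
    return True


def authorize_purchase(session: Session, password: Optional[str] = None,
                       now: Optional[float] = None) -> bool:
    """A purchase needs a logged-in session AND a password check within
    REAUTH_WINDOW; an aged session must present the password again.

    A hijacked session (stolen cookie, unlocked console) therefore cannot
    spend money once the window has elapsed unless the attacker also knows
    the password, and the same hardened verifier is reused so there is no
    second, weaker screen to bypass.
    """
    if not session.logged_in:
        return False
    now = time.monotonic() if now is None else now
    if session.last_verified_at is not None and now - session.last_verified_at <= REAUTH_WINDOW:
        return True
    if password is not None and verify_password(password):
        session.last_verified_at = now
        return True
    return False


if __name__ == "__main__":
    print("weak verifier accepts spaces:", verify_password_weak("      "))
    print("hardened verifier accepts spaces:", verify_password("      "))
    s = Session()
    login(s, "correct horse battery staple", now=0.0)
    print("purchase inside window:", authorize_purchase(s, now=100.0))
    print("purchase after window, no password:", authorize_purchase(s, now=1000.0))
```

The `now` parameter exists so the time-based behaviour can be exercised deterministically; in a real service the clock would come from the server, never from the client. Note that the hardened verifier deliberately does not normalise whitespace or case: a password is a byte string, and any "helpful" cleanup is a place for an unintended equivalence class to hide.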

"Sometimes security science may seem like it's more, well, art than science," said Jason Hope, tech expert (https://medium.com/@jasonhope), "but with a rigorous approach to developing and testing systems for passwords, verification and online signatures, it's not impossible to build a rock-solid security setup." The five-year-old hacker doesn't get to keep all the games he bought, but if he keeps at it, he may one day land a job as a professional white-hat hacker. Companies like Sony and Facebook are known to hire professional hackers on a part-time and full-time basis to probe their security systems for flaws and offer tips to improve their verification processes.

Fortunately, it doesn't seem as if the flaw had been discovered before now, as nobody has come forward with stories of accounts hijacked via the space-bar trick. Mostly, the whole affair has just been a little embarrassing for Microsoft, which generally has a better track record than this when it comes to online security.

In the aftermath of this, it's easy to imagine hundreds of gamers trying similar hacks on the PlayStation Network, Steam and Xbox Live in hopes of scoring a bounty, or at least a few games.

The Most Audacious Hacks in Computer History

When we think of warfare, most people picture the horror: guns, tanks, bombs and explosions, death and destruction everywhere. That is what war brings to people and to places.

However, there's another form of warfare that is becoming increasingly prevalent, and it can often be just as destructive as traditional war: cyber warfare.

Yes, computers are not only a powerful tool; in expert hands they can be a powerful weapon too. The recent troubles between Ukraine and Russia have highlighted cyber-attacks on Ukrainian computer networks. The sophisticated nature of the 'Uroburos' cyberweapon (a rootkit also tracked under the names Turla and Snake) has led experts to believe it was designed to penetrate government and telecoms networks. Is it a coincidence that this weapon appears to originate from Russia? Who can say, but it is far from the only piece of code built to disrupt people, businesses and countries.

Here are other examples of computer hacking which are noteworthy for their sheer audaciousness.

US Nearly Explodes Siberia. All of it.
The year is 1982, the height of the Cold War between the USA and the Soviet Union. The CIA and its Soviet counterpart, the KGB, were constantly trying to outdo each other. In one of the earliest reported examples of a Trojan horse, the CIA is said to have planted extra code in software that the Soviets stole and then used to monitor and regulate their gas pipelines. The software would behave normally until the program had run a specific number of cycles (in this case, 10 million).

After 10 million cycles it would quietly alter the program's behaviour. That happened after several months, and then things got serious: the code drove the pipeline's pumps and valves to produce pressures far higher than the joints and welds were built to handle. The result, according to the account, was a pipeline explosion in Siberia with a yield of roughly three kilotons, about 20% that of the Hiroshima atomic bomb. The story comes from a 2004 memoir by Thomas Reed, a former Reagan administration official, and has been disputed by Russian sources, so treat the details with caution.

The Best Spy in the Business Wasn’t a Person
Traditionally, secret agents and spies were men and women who put their lives on the line for their government. It didn't take long for someone to figure out that a computer could probably do the same job.
Enter Flame: 20 megabytes of code programmed to spy on targets in several countries in the Middle East. Flame could do the following:
  • Copy files
  • Capture screenshots
  • Download instant messaging logs
  • Turn on computer microphones and cameras remotely
In many ways it acted like James Bond. Its most remarkable trick, though, was cryptographic: its authors carried out a chosen-prefix collision attack against MD5 to forge a code-signing certificate that chained up to a Microsoft root, so Flame's components appeared to be legitimately signed by Microsoft and could even be pushed to other machines on a network disguised as a Windows Update. That forged signature, rather than any reaction to being detected, is how it convinced antivirus software and the operating system that it was supposed to be there, much as any good spy carries convincing papers.

The amazing thing is that once it was exposed, its operators sent a 'kill' command that deleted it and all traces of itself from infected systems. It managed to operate for around five years until it was discovered in 2012, with Iran among the hardest-hit countries. Iran claimed that the US was responsible for the virus. The US has denied all knowledge, so we may never know the truth.

This post was written by Jake Messer on behalf of HANDD, a company specialising in data loss prevention services, file encryption and managed file transfer.

Free Folder Locking Software : Rabbit Locker


Today we launch Rabbit Locker, a tool to keep your files and folders safe in seconds.

Locked items are protected by a password. Watch the video and download the app.

If you run into any trouble, try running the app as Administrator. Just run the setup: it installs a single .exe file into the folder you choose, or into the default folder. This app requires an internet connection for registration. Thanks.

If you have problems or questions, don't wait, just ask :)

i3c.

Screenshots

Main view of the app [via Softpedia]
Another view of Rabbit Locker [via Softpedia]

Image Source http://www.softpedia.com/progScreenshots/Rabbit-Locker-Screenshot-222147.html

Download From Softpedia http://www.softpedia.com/get/Security/Security-Related/Rabbit-Locker.shtml