[Owasp-Recife] Microsoft plugs Xbox One security hole discovered by five-year-old

Caio Dias caio.dias at owasp.org
Fri Apr 4 16:32:08 UTC 2014


A five-year-old boy who managed to accidentally hack into his father's Xbox
One account has received gifts and an official thank you from Microsoft for
helping the company discover the security hole.

San Diego's KGTV has the full
story <http://www.10news.com/news/5-year-old-ocean-beach-exposes-microsoft-xbox-vulnerability> on
Kristoffer Von Hassel, who managed to log in to his father's account
without knowing the password that protected it. Apparently, after typing in
an incorrect password, Von Hassel was able to get past a secondary password
verification prompt simply by typing in nothing but space characters.

"I was like, 'yeah!'" Von Hassel said of his reaction upon first
discovering the exploit.

Von Hassel's father, Robert Davies, a computer security researcher himself,
was able to confirm the exploit in a video recorded just after Christmas,
according to the report. It's unclear if the hole was limited to Microsoft
accounts accessed through the Xbox One or extended to other potential login
situations as well.

Kristoffer and his father reported the flaw to Microsoft, which has
reportedly patched the vulnerability. For his trouble, Kristoffer received
four Xbox One games, $50, a year's subscription to Xbox Live, and official
acknowledgment as a March 2014 Microsoft Security
Researcher <http://technet.microsoft.com/en-us/security/cc308589>.

"We're always listening to our customers and thank them for bringing issues
to our attention," Microsoft said in a statement. "We take security
seriously at Xbox and fixed the issue as soon as we learned about it."

Source:
http://arstechnica.com/gaming/2014/04/microsoft-plugs-xbox-one-security-hole-discovered-by-five-year-old/


That's right, a 5-year-old child. How I want to have a kid like that.


-- 
Caio Dias
<https://about.me/caiodias>