Microsoft has quietly altered its Windows Live ID login in response to a reported security concern. Last week, a brute-force hack was exposed, in which Microsoft's phrasing of error codes and its allowance of infinite attempts to access accounts helped hackers along. The security flaw gained more exposure due to the ongoing "FIFA hack" and related security concerns.
"Before it would just let you try over and over," Jason Coutee, the IT consultant credited with exposing the flaw, wrote to Joystiq. "But now ... they handle the sign in request on the server in a way that it will stop replying after about 20 attempts."
Coutee feels that Microsoft tightened the security, but didn't make any noticeable changes on the front end.
"Good news is that at least they lengthened the time it would take to brute force Live IDs."
Microsoft notes that the exploit was not a loophole in Xbox.com, but a brute force attack that is an "industry-wide issue."
Reader Comments (56)
Posted: Jan 17th 2012 2:55PM baby sea tuna said
@butaneko
I have never gotten all the functionality of that site to work on anything but IE, but especially not with Safari. Bummer since we're a mac house and most sites with any sort of 2.0 functionality are blocked here at work.
Posted: Jan 17th 2012 3:02PM butaneko said
@baby sea tuna Yeah definitely used to work for me on iOS Safari anyway. Anytime I have a code to enter I redeem it thru the website on my phone, since typing codes in with the controller is miserable.
The site still works in other mobile browsers I've tried (i.e. Opera mini and Atomic web)
Posted: Jan 17th 2012 2:31PM Xero Theory said
So I followed all the links mentioned in the story and read the whole story on the hack box blog, but I still am not sure why it's called the fifa hack so could somebody elaborate for me?
Posted: Jan 17th 2012 7:04PM arucious said
I really don't want to be that guy, but when PSN was hacked barely anybody lost money, and that was publicised beyond belief. Here people are losing up to thousands of dollars, and everything's completely fine with barely any press. I mean both cases are bad but sometimes I just don't get it..
Posted: Jan 17th 2012 8:11PM huffhuffhuff said
Problem is that too many people use same email and password across too many sites they log into.
Posted: Jan 18th 2012 9:08PM (Unverified) said
RAWR I HATE YOU SONY iTS ALL YOUR FAULT...
Wait?
What?
Wasn't Sony?
...
Carry on.
-Worst part is they don't just admit they were hacked. Get some balls Microsoft and say you messed up.




