Hackers Can Easily Lift Credit Card Info From a Used Xbox
zacharye writes "Using nothing more than a few common tools, hackers can reportedly recover credit card numbers and other personal information from used Xbox 360 consoles even after they have been restored to factory settings. Researchers at Drexel University say they have successfully recovered sensitive personal data from a used Xbox console, and they claim Microsoft is doing a disservice to users by not taking precautions to secure their data. 'Microsoft does a great job of protecting their proprietary information,' researcher Ashley Podhradsky said."
I made the point earlier (Score:3, Insightful)
Proprietary software vendors cannot be trusted to put your interests first. If they can get away with it they will always put their interests first. But, of course, their interests will remain well protected.
Re:Jury is still out... (Score:4, Insightful)
I also thought the CC info was stored on Microsoft's servers. You can't even buy stuff on an Xbox without being logged into your Live account.
Wiping a 360 hard drive is idiotic (Score:5, Insightful)
There are hacking tools to convert non-360 hard drives into usable drives, but not Microsoft OEM drives. I can't believe the researchers recommended a straight wipe without this caveat.
And this is why (Score:5, Insightful)
I buy the gift cards when doing anything regarding the Xbox.
Re:"Factory Reset" means nothing on the 360... (Score:1, Insightful)
And why all that? Microsoft has no involvement in you selling your Xbox. If it has some data on there that you don't want others to know, it's your fault. Not like "you can wipe this clean and sell it" is listed as a feature.
What is wrong with you exactly? You are clearly damaged in some way.
First Sale Doctrine: I buy shit from you, the shit is mine now, I sell shit to someone else. You don't get to stop or interfere with that.
Sorry but I like liberty and being free. I don't want to live in a nation where all my stuff belongs to the aristocracy and I'm just renting it from them at their pleasure, that's just slavery in a different name.
Re:Jury is still out... (Score:5, Insightful)
I also thought the CC info was stored on Microsoft's servers. You can't even buy stuff on an Xbox without being logged into your Live account.
The point, I think, is that it's naive not to assume some engineer decided to store the info in *both* places. If you were trying to make the customer experience as smooth as possible, and you had 99% confidence that the home box was in possession of the Real User, you might want to make the process a little more "foolproof".
Say the billing server glitches and corrupts their copy of the CC... Poll the console, get the number, transaction approved. The alternative is to pop up a CC entry screen, which has a non-zero chance to frustrate the Real User to the point of cancelling the sale. Bad for a market built on instant gratification.
Any good-hearted engineer who cries foul from a system security training point of view has probably never had to answer to a Director more concerned with their department operating at a loss for years. Xbox division regularly dipped into and out of the red until the last couple of years.
And the bigger point is, with all the revisions to the Dashboard, it may be impossible to know when this purported "feature" was added, taken away, or actively used. I bet you 2800 MS Points that the next dash update roots out and purges this data. Won't stop the class-actions though.
Re:"Factory Reset" means nothing on the 360... (Score:4, Insightful)
Re:I made the point earlier (Score:4, Insightful)
I agree that Open Source is no different. But I think it's harder to get away with it because it's harder to hide what you're doing. And even if you do for a time, someone will come along and fix it, and if you don't accept their fix you'll lose your users to the fork.