Five-Year-Old Uncovers Xbox One Login Flaw
New submitter Smiffa2001 writes: "The BBC reports that five-year-old Kristoffer Von Hassel from San Diego has uncovered a (frankly embarrassing) security flaw within the Xbox One login screen. Apparently by entering an incorrect password in the first prompt and then filling the second field with spaces, a user can log in without knowing a password to an account. Young Kristoffer's dad submitted the flaw to Microsoft — who have patched the flaw — and have generously provided four free games, $50, a year-long subscription to Xbox Live and an entry on their list of Security Researcher Acknowledgments."
Prosecute the child and father! (Score:5, Funny)
Why is this criminal being celebrated rather than prosecuted for hacking into a protected computer system across state lines? The child is A FELON and must go to jail. The father acted as an accessory and should also be prosecuted.
Sucks to be a security professional... (Score:5, Funny)
Yeah, are you sick of that story of the Indian kid who got his CISSP at the age of 12? Well, here's a 5 year old with a published vulnerability!
They were busy (Score:5, Funny)
I'm sure the reason the reward was so paltry was because the rest of the reward went to cleaning the development team's underwear.
Re:Who? How? (Score:3, Funny)
I don't know who could get this wrong or how you could get this wrong.
Does it work if you have the same number of characters?
len(input) == len(password)?
or?
input == password OR (len(input) == len(password) AND string_is_all_spaces(input))
You'd really have to go out of your way in a most bizarre manner to screw this up. I mean, this is like telling someone to make an omelette and they accidentally build a time-machine. What the heck were they doing here??
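Added illustration, not code from the thread, from Microsoft, or from the actual Xbox One login: the check the commenter above guessed at, beside a verifier that hashes the stored password and compares in constant time, run over a few constructed inputs including an all-spaces entry of the right length. STORED_PASSWORD, speculated_check and hardened_check are invented names for this demo.

```python
import hashlib
import hmac
import os

# Constructed sample credential. Plaintext is kept here only so the guessed
# check can be shown; the hardened path never compares plaintext.
STORED_PASSWORD = "hunter2!"


def speculated_check(entered: str, stored: str = STORED_PASSWORD) -> bool:
    """The commenter's hypothetical bug: exact match, OR an all-spaces entry
    whose length happens to equal the real password's length."""
    if entered == stored:
        return True
    return len(entered) == len(stored) and entered.isspace()


def make_record(password: str) -> tuple[bytes, bytes]:
    """Store a random salt plus a PBKDF2 digest instead of the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest


def hardened_check(entered: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute the digest for the entry and compare in constant time.
    No length or whitespace rule exists, so there is nothing to special-case."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", entered.encode("utf-8"), salt, 100_000)
    return hmac.compare_digest(candidate, digest)


RECORD = make_record(STORED_PASSWORD)


def run_demo() -> dict[str, tuple[bool, bool]]:
    """Map each constructed attempt to (speculated result, hardened result)."""
    attempts = {
        "correct": STORED_PASSWORD,
        "wrong": "wrongpass",
        "spaces_same_len": " " * len(STORED_PASSWORD),
        "spaces_other_len": " " * 3,
    }
    return {name: (speculated_check(a), hardened_check(a, RECORD)) for name, a in attempts.items()}


if __name__ == "__main__":
    for name, (guessed, hardened) in run_demo().items():
        print(f"{name:17s} speculated={guessed!s:5s} hardened={hardened}")
```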
Re:Who? How? (Score:5, Funny)
Which makes me appreciate all the thought that Slashdot put into its security. For example, did you know if you accidentally type your own password into a comment, it stars it out for you? Example:
***********
Neat, huh?
forgot rule 12 of evil overlords (Score:5, Funny)
I guess their team of advisors is incomplete:
http://www.eviloverlord.com/li... [eviloverlord.com]
"12. One of my advisors will be an average five-year-old child. Any flaws in my plan that he is able to spot will be corrected before implementation."
And:
"60. My five-year-old child advisor will also be asked to decipher any code I am thinking of using. If he breaks the code in under 30 seconds, it will not be used. Note: this also applies to passwords."
Perhaps Microsoft doesn't consider itself evil? Lots of people no longer do. At least they followed rule 32 in this case.
Re:Fuck M$ (Score:3, Funny)
You have that backwards. M$ has always known about shit. Just look at their products.
Re:$300? (Score:2, Funny)
For all the times we suspected it, now we have proof that they were all spaced out!
Re:Who? How? (Score:5, Funny)
> What if your PIN is a palindrome?
you enter "emordnilap a"