Hackers Can Easily Lift Credit Card Info From a Used Xbox
zacharye writes "Using nothing more than a few common tools, hackers can reportedly recover credit card numbers and other personal information from used Xbox 360 consoles even after they have been restored to factory settings. Researchers at Drexel University say they have successfully recovered sensitive personal data from a used Xbox console, and they claim Microsoft is doing a disservice to users by not taking precautions to secure their data. 'Microsoft does a great job of protecting their proprietary information,' researcher Ashley Podhradsky said."
Re:Jury is still out... (Score:0, Interesting)
So basically you commented to let everyone know that you don't know shit. Quite worthwhile.
I don't buy it (Score:5, Interesting)
TFA: Performing a fast scan on one of the drives resulted in a possible credit card hit as demonstrated in Image 10. Although this does not definitively prove there are any credit card numbers on the hard drive, it is highly probable given the results obtained. The Bank Identification Number in this hit identifies this as a Bank of America Discover Card [37].
That's a solid find. Except for the fact that I can't find the option to enter in a Discover card to Xbox Live for it to store. Chances of this being a real valid Discover card number? I'd put it right around the same as /dev/urandom.
http://i.imgur.com/A0M4d.png
Re:Details of the academic paper (Score:5, Interesting)
Got myself a copy (my employer appears to have a subscription). The really critical bit here is:
"Performing a fast scan on one of the drives resulted in a possible credit card hit as demonstrated in Image 10."
They conclude that it's likely this is a credit card, based on the card identifier (first four numbers) and that it matches the Luhn algorithm (mis-spelt as "Luhr" in the article - that took a while to figure out!); however, the Luhn algorithm isn't designed for this sort of use; it's primarily there to catch data entry mistakes. I'm fairly happy that the chances of a match like this on a multi-GB hard drive are fairly good, just through random chance. A good follow-up experiment here would be to buy new Xbox 360s, buy points and then scan the hard drive for the card used.
IMHO their points raised about finding gamer tags, friend lists, etc. are probably far more relevant, especially in relation to this data not being destroyed when a factory reset is done.
There's some really odd bits, though... "In this particular instance, we can see NAT (Network Address Translation) rules for a site called Bungle.net[sic], where Halo players can have their stats tracked or purchase games and merchandise [36]." - which as far as I can tell is actually a list of errors you can get if your NAT setup is causing problems.
I'd also be more confident if the work had fewer odd errors; "Book and Nuke, by DBAN is", presumably refers to "Darik's Boot and Nuke", frequently abbreviated to "DBAN".
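The false-positive point raised in the comment above can be measured. The following is an added example, not part of the thread or the paper: it scans a constructed buffer of random 16-digit runs and counts how many pass the Luhn check. The function names and the sample buffer are assumptions made for illustration.

```python
import random
import re

# A run of exactly 16 ASCII digits, not embedded in a longer digit run.
CANDIDATE = re.compile(rb"(?<!\d)\d{16}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def valid_check_digits(prefix15: str) -> list:
    """Final digits that make prefix15 pass Luhn; there is always exactly one."""
    return [c for c in "0123456789" if luhn_valid(prefix15 + c)]

def scan(image: bytes) -> tuple:
    """Return (16-digit candidates found, candidates that pass Luhn)."""
    runs = [m.group().decode() for m in CANDIDATE.finditer(image)]
    return len(runs), sum(luhn_valid(r) for r in runs)

def constructed_image(n_runs: int = 20000, seed: int = 1) -> bytes:
    """Constructed sample: random 16-digit strings separated by NUL bytes."""
    rng = random.Random(seed)
    return b"\x00".join(b"%016d" % rng.randrange(10**16) for _ in range(n_runs))

if __name__ == "__main__":
    found, passed = scan(constructed_image())
    print(f"{found} candidates, {passed} pass Luhn ({passed / found:.1%})")
```

Because exactly one of the ten possible final digits satisfies the checksum, about one in ten arbitrary 16-digit runs passes, so a Luhn match on its own is weak evidence that a digit string on a drive is a stored card number.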