Hacking and phishing threats that PC users have suffered for years are now becoming part and parcel of the online gaming experience for users of Microsoft's Xbox console. Chris Boyd (AKA PaperGhost) - who recently joined Sunbelt Software as a security researcher and is a long-time dedicated gamer - has studied the growth of …
Isn't as painful as having a care package stolen on MW2
... some government shows up and requires you to use your real name for all online presence. Then what?
Meaning that even government ID increasingly needs to match citizen use of any ID, not government wishes. Like, alias-IDs soon will be needed commonplace. And good ones, government backed and all that. Not cheap mossad fakes.
I don't understand
Are lots of people bothered by gaming scores on XBL then? Is it that prestigious to have a high gamer score? I don't even know what my gamer score is.
Not so much hacking as cheating.
social engineering attacks on Xbox
Same as social engineering attacks in any computing - the users that fall for these stunts simply will not be told that there is no such thing as a free lunch, and will frankly click on just about any bogus carrot the perp tells them to.
As for the genuine exploits - at least given a single platform it should be relatively easy to close some of the doors. If the will is there, it should even be possible to run some basic statistical analysis and identify the users who have obviously been scoring at even theoretically impossible rates and ban their sorry backsides permanently - or at least until they buy a new console.
Stop the DoS XBOX live
It's quite easy to stop the DoS.
XBox live already monitors line quality when starting an on-line game.
Most developers should know in advance how much data will be transmitted between players in-game so to speak.
Armed with this data, a simple in-game algorithm to check what the line quality was, is during in-game, typical data transfer for the game in question and obviously a small attenuation line margin the game should automatically boot offending players off.
I am sure after several in-game boots the offenders in question would soon get bored of it...
Read the article...
The DoS attack doesn't necessarily come from the user that instigated it, it may come from a botnet. A better solution would be to whitelist the IP addresses of the players and other known legit in-game traffic and block the rest to stop DDoS combined with your suggestion to look for suspiciously high traffic from a whitelisted IP.
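The two ideas in the comments above (allowlist the match's peers, then watch allowlisted peers for traffic above what the game should generate) combine into one filter. This is an added sketch, not part of the original thread or any Xbox Live code; the class and function names, the 64 kbit/s expected rate, the 25% margin, the three-strike boot rule and all addresses are assumptions chosen for the example.

```python
from collections import Counter

HONEST, NOISY = "192.0.2.10", "192.0.2.11"   # constructed peer addresses

class SessionFilter:
    """Per-match filter: allowlist of peers plus a per-peer byte ceiling."""

    def __init__(self, peers, expected_bps, margin=0.25, window=1.0,
                 strikes_to_boot=3):
        self.peers = set(peers)
        self.window = window
        # Bytes a peer may send per window: expected game traffic plus margin.
        self.ceiling = expected_bps / 8 * (1 + margin) * window
        self.strikes_to_boot = strikes_to_boot
        self.state = {}        # peer -> [window_index, bytes_seen, struck]
        self.strikes = Counter()
        self.booted = set()

    def handle(self, ts, src, size):
        if src not in self.peers:
            return "drop_unknown"          # botnet or any non-player source
        if src in self.booted:
            return "drop_booted"
        idx = int(ts // self.window)
        st = self.state.setdefault(src, [idx, 0, False])
        if st[0] != idx:                   # new window: reset the counters
            st[:] = [idx, 0, False]
        st[1] += size
        if st[1] <= self.ceiling:
            return "accept"
        if not st[2]:                      # at most one strike per window
            st[2] = True
            self.strikes[src] += 1
            if self.strikes[src] >= self.strikes_to_boot:
                self.booted.add(src)
        return "drop_rate"

def constructed_traffic(seconds=4):
    """Constructed sample: one normal peer, one peer at twice the expected
    rate, and 50 outside sources sending 10 packets per second each."""
    events = []
    for s in range(seconds):
        events += [(s + i / 100, HONEST, 80) for i in range(100)]
        events += [(s + i / 200, NOISY, 80) for i in range(200)]
        for b in range(50):
            events += [(s + i / 10, f"203.0.113.{b + 1}", 80)
                       for i in range(10)]
    return sorted(events)

def run_demo():
    f = SessionFilter(peers=[HONEST, NOISY], expected_bps=64_000)
    verdicts = Counter(f.handle(ts, src, size)
                       for ts, src, size in constructed_traffic())
    return verdicts, f.booted

if __name__ == "__main__":
    print(run_demo())
```

Filtering on the receiving host does not free the link itself; a flood large enough to saturate the connection still has to be dropped upstream.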
nah M$ protects us all
Woot no worries for me as I got the ban hammer and don't have to take the risk of going online and actually spending money on Xbox live ever again. Instead I pawned off the RROD bomb in waiting on me brother as a gift (he doesn't go online and loves the free games). Instead I went for the best system for the money the PS3 and its free online play. If I have to buy the games why not get a system that doesn't need multi discs to play the latest hits (lol please swap disc now, so 1994). Oh well no skin off anyone's nose as the Xbox division has always been a sea of red ink and other than the PS3 controller not being as good imho I still enjoy my online fragging (MAG 256 player war anyone?).
To quote..."I'm sorry sonny, I don't speak 'child'. Can someone translate?"
MS made $15 billion
If you look there, only six months ago MS were making a $250 million dollar or so loss in the entertainment division, and they're only just coming back up. Now that the PS3 is cheaper, people are more or less /flocking/ to it, as Xbox Live screws them over again and again. Because it's Microsoft. Have we learned nothing in the past ten years?
Someone woke up an Xbox Apologist. Wake me when he's finished....
my whole point
Look my whole point was not which system is better. In many ways they both suck. My point is piracy was actually very profitable for M$ (why I bought my xbox in the first place and why later I bought a wii for the kids). I used to spend $30+ a month on DLC even for games I pirated. That is pure profit with super low overhead for M$. M$ then decided to suck the d_ck of greedy publishers and ban a million gamers. I am betting I am not the only one that actually was a good DLC customer. M$ was counting on desperate people to go out and buy another xbox so they could pump their sales number for xmas. I said F U and if I have to buy another system and the games anyway (flashing new xboxes a total bitch) might as well go with another company. I would be curious to know how much DLC revenue they lost. It is their right to do so but hey it's my right to pick a better system as well.
"It's still £250 vs. £100 for the arcade or £150 for the Elite."
Well, here it's not. Outside of Blighty, namely in Aus, the PS3 with 2 games is $500 and the Elite with 2 games is $600. So haha.
And the graph is not bloody stacked. Reread it. It /clearly/ shows the Entertainment division hardly pulling a profit.
"10,000 more units than the XBox per week is hardly "flocking" to it."
And I would say that is! It's /more/ than the Xbox, and 10000 units is no small number. What, are you some sort of marketer for a living, and a million units is small fry to you?
Tarthen fail? Nah.
"Yeah, except I just checked online, and you're lying:"
You're using GAME. Nobody likes GAME. And besides, those are /actual/ prices, as in if I went to go get it at the local store. Not supermassive retailers - not /everyone/ lives in the city. And the PS3 price is way inflated - even here it's $500.
"Yes it is, if it wasn't, then that would imply that Microsoft is making twice as much from Office as it is from Windows, and that it makes more profit from servers than it does desktops. This is nonsensical, why would Microsoft sell more copies of server and office than the desktop operating system that is required for office and connects to the servers?"
It says they make 15 billion total. The graph goes up to 8 billion. And yes, that sounds about right. OEMs get Windows for ~$90, meanwhile Office retails at $300 or so. And each server license costs $4000 or so for the standard - that is about 40 desktops. Considering the number of small businesses that have three or so Win servers (we have 4) and ~70 desktops, this sounds pretty right. And don't forget about enthusiasts. And once you include the Terminal Services licenses (at $140 a pop), the Windows server boxes can cost more than the Windows desktops put together.
"Relative to what? relative to life time console sales it is because we're talking tens of millions. 10,000 may be no small number compared to the amount of brain cells you personally have however. As I stated, 10,000 a week is such a small number it'd take Sony 15 years to even catch up with Microsoft, so yes, it's a phenomenally small number."
Yes, because everyone on Earth will have a console. The Wii has sold 70 million, the PS3 33 million and the Xbox 39 million. This is WORLDWIDE. So if, say, we do a little math. The Xbox has been about for 4 years, correct? So, 39,000,000/4 . That's 9750000 units a year. Divide that by 52 and we get 187,500 a week, on average. Now, if you get 10,000 and divide it by that, you get 5%. So, roughly, the PS3 is selling 5% better than the Xbox. Now, that is average. The current buying rate will be much /lower/ - so this number could be anywhere from 5% to 20%, give or take. 20% is a big number to be ahead by. In five weeks, they would sell an extra week's worth of Xboxes. So, 10,000 is not a small number - in fact, at $500 a pop, that's $5 million dollars a week or so that they are selling more. 5 million is no small number. Yes, they may never catch up, but how many million Xboxes RRODed?
"A million? That's 10,000. There are 6 zeroes in a million, not 4."
I wasn't referring to the 10,000, twat. I was saying, are you one of those people that dismisses a number like this because they're used to working with millions?
"So let me get this straight, you're a liar, you can't read graphs, you don't know the difference between 1,000,000 and 10,000 and you think 10,000 is a non-trivial number when it'd take 15 years for it to be meaningful? Really? Is the state of education in Australia really that bad? Christ, I thought things were bad in the UK."
Ahahaha. No, you cannot read graphs. 10,000 is a non-trivial number. That is more than one store will sell in a month in some places; and in places where the maximum stock of the Xbox is 5 at any one time, it's big. And hey, if you add the RRODs to the equation, the Xbox loses the 6 million unit lead. Look at this, from the Xbox's Wiki page on hardware failures: " with the latest estimate by warranty provider SquareTrade to be 23.7%" So, 39,000,000*0.287 = 11,193,000 consoles. Even if it was "all fixed by 2009", there are still E74 errors that claim countless consoles. So, the Xbox, in comparison, could be the market trailer in market share.
How many problems has my PS3 had? None. And it's been dropped. And still survived. My friend's XBOX RROD'd when they left it on overnight.
"Er, you said the 360 elite with 2 games sells for $600, even GAME sells it for $450, and you say they're over-expensive, meaning it's likely cheaper elsewhere, so you're a liar however way you try and spin it. Well, unless you act like a total nutjob and try and claim that GAME are only more expensive for the PS3 and cheaper for the XBox, but even then your $600 claim is a lie."
This is the prices at /my/ local store, however many times I mentioned it.
"What are you on about? They made $15 billion net profit over the year, that chart demonstrates operating income- i.e. income before costs were subtracted, which is what net profits are. The graph is against time, and so you must add up the amount earned at each discrete point to get the operating income for the year, then subtract costs to get profit. In other words, the $15bn is not the value that can be calculated anywhere from that graph. Regarding your office theory, well, it's nonsensical because you seem to be suggesting that Windows is always sold OEM and Office is always sold retail."
On 99% of laptops, it comes with an Office trial. So, you go and buy it. From where? A retail store.
"This is stupid, the percentage of retail office sales are tiny, it's bought by large customers under volume licensing at around $50 AUS a seat. $4000 for Windows Server? Another lie I see, no, really, under volume licensing and such again it's around $900 max, I'm not sure you can pay even $4000 retail unless you're seeking to get ripped off."
My pricing was a little wrong there; we can get for about $1000, and then by the time you add Exchange and etc, etc, it ends up about $4000 of MS software for the server.
"Of course, all that even assume you bought an OS-less server and ignores all the shops that run Linux servers- I just checked Dell, it's $750 AUS when bought with the server, hardly close to your $4000 lie. Why are you buying terminal service client licenses, whilst using fully fledged desktops with desktop OS' installed?"
You have never worked in an office, have you? Of /course/ you need TS lics, have you ever heard of remote users? Or /administrators/? Not everyone uses VNC on a server (which is stupid).
"Haven't you heard of thin clients? Really, all you've proved here is that you a) Still don't know how to reach charts, b) Don't understand the difference between operating profits, and net profits, c) Get ripped off, d) Don't know how to run a network. The rest of the world isn't like you."
Yes, I have heard of thin clients. I have also heard of something called XenApp, which does much the same, but with apps - and guess what? That required TC lics. And with the graph: why are the lines straight, however there are trenches? Shouldn't the trench be represented in the top, with a likewise ditch? And yes, I can run a network, tyvm. I've got my own little network in my home, and it's running perfectly. I'm actually about to look into using RADIUS to secure my wifi right now :) .
"Well done, you made up a lot of numbers that were merely speculative, to come to the realisation that Sony wont actually catch up any time soon, and then made a pointless and irrelevant comment about RROD seeing as RROD was covered entirely under warranty."
I used the manufacturer's official numbers. And, not everyone applied for the RROD warranty - I know a few people who thought they were out of warranty and went and bought a new one, unaware that it was covered.
"For starters that comment is wrong, as the issues were fixed in 2007. Secondly, all failed consoles are replaced under warranty, not classed as new sales, so your assertion that that's somehow added to the lead is completely false."
Look above. And that doesn't mean old consoles aren't failing still. I know a Xbox that RROD'd only three months ago....
"...er, you didn't even know the PS3 is also prone to an RROD-like problem? Must suck to be you."
According to my convenience sample (you know what that is, right?), I have not seen that problem. Mine doesn't have it. My friends don't have it. I haven't even heard of any doing it. The only PS3 hardware failure I have heard of is where a Blu-Ray got jammed in the drive after a little brother dropped the thing. And the PS3 "yellow light" problem is nowhere near as prominent as the Xbox RROD and E74 errors. And I quote: "around 12,500 of the 2.5 million PlayStations sold in the UK have shut down in this way since March 2007" . So, that is a 0.5% failure rate for the YLOD. Not bad, considering many PCs have a much higher failure rate and the Xbox's most conservative measurements were 20% of all the consoles sold. Hell, the $3000 iMacs had a higher failure rate than that.
"Either that, or just keep looking like a fool as I demonstrably prove you wrong and you prove your inability to handle basic graphs and numbers. Your choice."
Your numbers are no better :) .
New Gran Turismo = 3 blurays. sooo 1994.
Oh no! My uber top secret important XBL details... the coveted XBL gamer score.... man this is tooo funny. Are most people actually this brainwashed and shallow now that things as benign and meaningless as a `gamertag` or points earned in a game are actually this important!?
Nobody really cares if you are really good at games, apart from you, and maybe some people you play the game with. One day you'll grow up, and have a family, and all kinds of interesting and exciting hobbies (if the government/corps haven't made every activity illegal by then apart from buying and watching their sh*t).
Work futile thankless job for a mega corp that couldn't give ha'penny fuck about you or your family. Give half of money earned to rich parasites. Buy their stuff, play their video games, watch the idiot lantern, go back to sleep.... rinse, repeat.
“Disobedience is the true foundation of liberty. The obedient must be slaves.”
Henry David Thoreau.
* Never give someone your login details in exchange for anything.
* Avoid game cheats and other items sold on Youtube videos. This is a risk because many cheat sellers are malicious.
* Remove credit card details from accounts registered with gaming companies. Avoid signing up for automatic renewal.
* Use pre-paid cards to pay for accounts, where possible, rather than personal debit or credit cards.
* Try to use aliases - not your real name - when you sign up for online gaming accounts.
find old lady (preferably a grandmother) , insert egg into mouth, instruct said geriatric lady on the way to suck inserted egg.....
"find old lady (preferably a grandmother) , insert egg into mouth, instruct said geriatric lady on the way to suck inserted egg....."
not exactly teaching people to suck eggs, given that so many people continue to fall for console related scams. Everyone I know (and see on xbox forums) that says they've saved their CC dets into the system for things like renewals etc always use their main card, and tend to save them in the system.
and if you want proof of how many people continue to fall for incredibly basic phishing scams, go look at the number of hijacked account posts on the official forums, or see how many phish links are floating around youtube and elsewhere. just because you're aware of the danger doesn't mean the people most likely to fall for these scams are, or else there'd be no need to warn people about these threats in the first place.
Missing the whole point of gamerscore.
I can see that most of the comments are from people who seem to despise both gamerscore and people that play for gamerscore.
Of course they do, that is their right.
Now, I am 33, I have a family and a life, a job, I am not a fan-tard but I like playing for achievements. Does this fact make me a bad person? Of course not, but some of you see gamerscore whores and start insulting.
I have managed to get to 91,000 and yes, I will go to the end of the world to protect my XBL login details. I found this article very informative and interesting. Thank you, Register.
P.S. Is it required for people that insult gamerscore whores to have poor spelling and grammatical skills?
I see nothing wrong with trying to protect your gamerscore, you've played for it and earned it, so fair play to you.
What I don't understand is what real benefit you get from buying someone else's gamertag.
"Live IDs with high point scores attached to them can retail for 10 times as much as ordinary accounts"
So you can boast to your friends, "ooooh, check me out, I've got 100M GP" to which they respond, "great get a life"
As I said at the start, I've no problems with people who play for score, I've been known to replay games a few times trying to clean up the last few points myself, but that provides enjoyment for me. However if you buy a gamertag with a hugely inflated score, you don't get any of the pride of having completed the games, and I would imagine that it would be fairly obvious to anyone you know, that the score isn't truly yours.
I know that if my gamerscore increased by a factor of 10 overnight (and my tag changed) any of my friends that actually cared enough to comment would say something along the lines of, "who d'ya nick that off then?"
Awww this is so sad. You'd think a service you pay for would be secure and safe......
Best go with the free service that works - or it could just be the users aren't stupid cheating loosers!
If you put as much effort into school/college as you do into gaming, you would know the difference between "lose" and "loose". Let's not even get into "their", "there" and "they're", or "your" and "you're"!
What, has it been two years?
I haven't seen any PS3 hacks yet.
Oh wait, Sony designed the PS3 with security in mind. Unlike Microsoft, who seemed to design the Xbox 360 with nothing in mind (hell, they even have a 3-core /clone/ of the PS3's chip in the 360 - you see the Xenon? Well, that's a Cell Broadband Engine derivative).
Not copied, sold by IBM.
Xenon and Cell are both mainly designed (and manufactured) by IBM. Just shows you how good the IBM Chip design and foundry businesses are at attracting high volume customers. And they also provide the CPU for the Wii, although this is more like a standard PowerPC.
BTW. The Xenon is not a Cell derivative. It has modified PPE processors (3). The PPE is only part of the Cell, and the Xenon has no SPE's. Not really much of a comparison.
It's derived from research
It's more or less based on Cell research, yes? If so, it could be called a derivative.
Tarthen wrote: "It's [the Xbox360's 'Xenon' processor] more or less based on Cell research, yes?"
No actually, both Cell and the Xenon are based on PowerPC research. As far as the docs I've got here imply, IBM developed PPC respins for various uses. Sony asked them to develop the Cell and the Cell-PPE is based on one of these respins.
When MS approached IBM for a processor for the 360, IBM offered them a triple core version of the PPE.
So, as far as that goes, Xenon and Cell are stepkids, with the PPC in the Wii being some kind of "country cousin"
I like/respect the PS3 as a technical achievement, but I still think that the '360 is the better overall gaming package at the moment.
Meanwhile, that was a good article, I'll be double checking tonight what sensitive information is being stored on my 360.
I tip my hat
You're right there.
Although, my understanding is that IBM, Sony and Toshiba all developed the Cell, from ~2003, working together. So it's not "just" IBM who made it; there are others too :).
I really wish they didn't cancel the project though. I wanted a Cell in my laptop :( .
Look, the flame icon! What I am saying is purely designed to be flamed! I don't have an XBox of any sort and I don't have a PS3 either, but please, I have used the flame icon so flame away...
oh do FOAD you bastard
... does that feel any better?
I too have nothing meaningful to add to this discussion, but your attitude is just disgusting! People like you should...,should...., well I don't know, do something else! Nazi Germany started like this you know!
( See, pointless and a pathetic attempt to drag Godwin into it too! )
social engineering attacks on Xbox
It's pretty easy on Xbox Live$$ purely because of the number of retards on there willing to PAY for an inferior but well marketed service (It's hilarious that they really believe their money is paying for some magical service that you get in exactly the same form, if not better, for free on other better consoles and even take the word of Microsoft as being proof of that).
Hah xbox rubbish noway games on xbox bettre thn ps3 will pwn u shld u b unwse 2 ply me on MW2 nw lvl70 hv all the wpons 4 serious pwnage...
... sorry, I seemed to be channelling a gametard there for a minute. The thought of losing those online accolades sent me all funny :)
Seriously though, even if I had no financial loss I'd be gutted if I lost my PS3 login as I've got many hours of Modern Warfare and MW2 hours invested in it to get some decent weapons for the multiplayer games.
I play so badly I can't be bothered with gamerTag lol
STEAM_ID:0000000000 can't be bothered to look it up!
not buying them for the points
D@v3: read the article more carefully. People don't buy accounts with high gamer scores in order to boast about the score. They use the score as an indicator that the account will have access to a lot of bonus content, high-level items etc.