lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 9 Aug 2007 11:20:40 -0400
From: "Kevin Finisterre (lists)" <kf_lists@...italmunition.com>
To: full-disclosure@...ts.grok.org.uk
Cc: Ashley Wilson <amwilson85@...il.com>
Subject: Re: Xbox live accounts are being stolen (is the
	training working?)

I find it kind of ironic that my Xbox broke last night after an  
update and I am now on the phone with a Xbox live representative.  
After the whole stolen accounts fiasco I remember calling in an  
having techs flat out refuse to work with you until you verified your  
full name, address, phone number, gamer tag, xbox console serial  
number and email address used on the account.

I just finished talking to a tech about my xbox after only giving her  
my First name, Address and Phone number (I couldn't give my serial  
because my xbox is not near me). After asking to speak with her  
supervisor about some other issues I asked him to remind me of what  
information should be verified prior to speaking with someone. He  
told me that "First and Last name, Address, Phone Number, Email and  
Serial Number had to be verified and if any one item was missing or  
not available to be verified via other means" then they have been  
instructed to not speak with you. I asked him what happened with  
Gamertag verification and he stated that only applied to Xbox live  
issues and it was not verified for Xbox console issue. I didn't  
bother telling him the tech that passed me on to him didn't quite  
verify all the data, I simply said thanks and hung up.

At the very least this may help illustrate that no amount of training  
can fully curb human behavior. The tech I talked to had no problem  
ignoring the lack of serial number and email address on my account.  
So Ashley... yeah I guess it is entirely possible that accounts *can*  
still be stolen. Hell for all I know it could be the same kids since  
no one was ever produced as the culprit of the previous caper.

Good luck!
-KF



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ