Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
July 30, 2014
arrowPress Releases
July 30, 2014
PR Newswire
View All





If you enjoy reading this site, you might also want to check out these UBM Tech sites:


Microsoft patches Xbox Live security flaw found by 5-year-old
Microsoft patches Xbox Live security flaw found by 5-year-old
April 4, 2014 | By Alex Wawro

April 4, 2014 | By Alex Wawro
Comments
    7 comments
More:



Newsbrief: ABC 10 reports that Microsoft has patched an Xbox Live security flaw which allowed a 5-year-old in San Diego, California to log into his father's account without knowing the password.

Earlier this year, Kristoffer Von Hassel's parents discovered that he was logging into his father's Xbox Live account and playing games without their permission.

Investigating further, Von Hassel's father -- a security researcher at ServiceNow -- discovered that his son had managed to access his account by entering the wrong password, then bypassing the ensuing password verification screen by submitting a "password" of blank spaces.

The family reported the vulnerability to Microsoft. Microsoft responded by fixing the security flaw, acknowledging Kristoffer in the company's March 2014 list of security researchers, and giving the Von Hassel family $50, four Xbox One games and a year of Xbox Live Gold membership.

"We're always listening to our customers and thank them for bringing issues to our attention," a Microsoft representative said in a statement to ABC 10. "We take security seriously at Xbox and fixed the issue as soon as we learned about it."


Related Jobs

Deep Silver Volition
Deep Silver Volition — Champaign, Illinois, United States
[07.30.14]

Visual Effects Artist
Nexon America, Inc.
Nexon America, Inc. — El Segundo , California, United States
[07.30.14]

Localization Coordinator
Firaxis Games
Firaxis Games — Sparks, Baltimore, Maryland, United States
[07.30.14]

Senior Visual Effects Artist
Gearbox Software
Gearbox Software — Plano, Texas, United States
[07.30.14]

Release Engineer










Comments


Kaitlyn Kaid
profile image
Clever kid :)

Matt Jahns
profile image
Someone should give this kid the world record for "youngest hacker".

E Zachary Knight
profile image
I don't get it. Why is this kid not being charged under the CFAA and being threatened with 35 years in prison? Is the DOJ getting lazy on the job?

Marvin Papin
profile image
The kid has been clever enough to not let any evidence ;)

Brandon Van Every
profile image
Gotta love that MS QA

adam anthony
profile image
Their QA probably did find it, and it was waived as an "edge case"

Dave Hoskins
profile image
I get the feeling that the "security researcher" found the hack himself, and let his son take the glory, as it were.
Microsoft probably left tester code in there by mistake. OR, conspiratorially, you've got to let the NSA in the back door somehow!! :)


none
 
Comment: