Apr 16, 2014

Microsoft

5-Year-Old Boy Hacks Father's Xbox Account, Exposes Security Flaw

Five-year-old Kristoffer Von Hassel managed to hack his father’s Xbox Live account. He now has the attention of Microsoft and the gaming world.

Kristoffer found a security flaw through Microsoft’s Xbox One console. It allowed him to log into his father’s Xbox Live account without permission, reports CNN.

"I was like ... yeah!" Kristoffer told KGTV-10.

It all began after Christmas when Kristoffer’s father, Robert Davies, noticed he was logging into his account and playing games inappropriate for his age. When Davies asked Kristoffer how he had done it, he showed him the hack he discovered.  

Kristoffer found a work-around for his father’s password by “first typing in a wrong password, then typing only space keys and hitting enter when shown a password verification screen, allowing him into the account,” reports the Huffington Post.

"How awesome is that?" asked Davies, who works in online security himself. "Just being 5 years old and being able to find a vulnerability and latch on to that. I thought that was pretty cool."

This is not the only hack Kristoffer has discovered. One other includes getting past the lock on a smartphone by holding down the “home” key long enough.  

Microsoft was notified of the security flaw by Davies and they will be issuing a fix for the vulnerability.

"We're always listening to our customers and thank them for bringing issues to our attention," the company said in a written statement. "We take security seriously at Xbox and fixed the issue as soon as we learned about it."

To show their appreciation to Kristoffer, Microsoft gave him four games, $50, and a yearlong subscription to Xbox Live.

Microsoft even included Kristoffer’s name on a list of security researchers who have “helped make online Microsoft products safer.”



Microsoft and Others Reserve Right To Read Customers' Emails

Microsoft has asserted its right to read customers’ emails, according to a story on CNN. Last week the company admitted in federal court documents that it had hacked its way into a journalist’s Hotmail account to stop a leak of some proprietary software. The company said it was justified in doing so because the software, had it leaked, would have empowered hackers to exploit security vulnerabilities and put other customers at risk. 

"In this case, we took extraordinary actions based on the specific circumstances," said John Frank, a Microsoft lawyer.

According to the FBI, Microsoft learned in 2012 that an ex-employee had leaked the software to an anonymous blogger. Fearing that the blogger could sell the information, company attorneys approved “content pulls” from the blogger’s email accounts. Under such a situation, law enforcement agencies would be required to obtain a warrant. Microsoft claimed, though, that its terms of service allow the company to access information in customers’ accounts “in the most exceptional circumstances.”

"Microsoft clearly believes that the users' personal data belongs to Microsoft, not the users themselves,” said Ginger McCall of the Electronic Privacy Information Center. McCall believes users would be upset if they knew what the terms of service of most email providers actually allowed.

"This is part of the broader problem with privacy policies," she said. "There are hidden terms that the users don't actually know are there. If the terms were out in the open, people would be horrified by them.”

The problem extends beyond Microsoft, according to the Guardian. Apple, Google, and Yahoo all have similar policies. A recent story quoted excerpts from each company policy.

Google, for instance, requires that users "acknowledge and agree that Google may access … your account information and any content associated with that account… in a good faith belief that such access … is reasonably necessary to … protect against imminent harm to the … property … of Google.”

The problem is that most people don’t read the terms when signing up for a new service, said Charlie Howe of Skyhigh Networks.

“I would guess that most people don’t actually read the full terms and conditions before using a new application, and they would probably be surprised by what they are actually agreeing to when they click the ‘accept’ button on certain cloud services,” he said.

According to the CNN story, Microsoft, recognizing the topic is sensitive, has announced that it will bring in a former federal judge to review cases in the future where it may need to access customer information.

Sources: CNN, The Guardian



Syrian Hackers Claim To Expose Microsoft Invoices To The FBI

Microsoft is charging the FBI hundreds of thousands of dollars a month to view customer information, according to a recent story by the Daily Dot. The story relies on documents and invoices allegedly hacked by the Syrian Electronic Army and handed over to the Daily Dot for verification.

The documents appear to be emails exchanged between Microsoft's Global Criminal Compliance team and the FBI’s Digital Intercept Technology Unit. If they were not faked by the SEA, a group loyal to Syrian President Bashar Al-Assad, the invoices are proof that Microsoft charges the FBI as much as $200 per request for information. The most recent invoice in the hacked documents was from November 2013 and was for $281,000. 

Neither Microsoft nor the FBI would confirm the validity of the documents. A Microsoft spokesperson did tell The Verge, though, that such transactions were no secret and billing the FBI for such requests was standard procedure.

"Regarding law enforcement requests, there’s nothing unusual here," the spokesperson wrote in an email. "Under U.S. law, companies can seek reimbursement for costs associated with complying with valid legal orders for customer data. We attempt to recover some of the costs associated with any such orders.”

Christopher Soghoian, a technologist for the American Civil Liberties Union, asserted that charging the fees to the FBI is a good thing because it creates a paper trail and documents the number of requests submitted by law enforcement agencies. In 2010, Soghoian attacked Microsoft for not billing the Drug Enforcement Agency for similar requests.

Nate Cardozo of the Electronic Frontier Foundation agrees that the billing is a positive. 

"Taxpayers should absolutely know how much money is going toward this," he said.

Cardozo believes the documents are real.

"I don’t see any indication that they’re not real," he said. "If I was going to fake something like this, I would try to fake it up a lot more sensational than this.”

The most sensational part of the story, then, may be just how easy it was for the SEA to acquire the documents. Ashkan Soltani, who coauthored a Yale study on the costs of such programs, helped analyze the documents for the Daily Dot. He walked away shocked that the FBI was conducting the business over email.

"I thought it would be a more secure system,” he said.

Sources: Daily Dot, The Verge



Ex-Microsoft Employee Arrested, Charged With Stealing Trade Secrets

It’s probably a bad idea to leak the trade secrets of one of the most powerful companies in the world. Former Microsoft employee Alex Kibkalo is finding that out the hard way.

Kibkalo was booked on federal charges Wednesday and is accused of stealing and releasing a number of Microsoft trade secrets while working for the company. He allegedly leaked the secrets to a French blogger after receiving poor performance reviews from the company.

Kibkalo is accused of leaking Windows 8 code and Microsoft’s Activation Server Software Development Kit. The server software development kit is a key Microsoft tool used to combat software piracy.

Kibkalo was caught after the blogger went to Microsoft to confirm the authenticity of the leaked information. Microsoft probed Kibkalo’s email and chat history and found a number of incriminating messages.

“I would leak the enterprise today probably," Kibkalo told the blogger in one message.

“Hmm,” the blogger answered. “Are you sure you want to do that? Lol…pretty illegal.”

“I know :),” Kibkalo answered.

Kibkalo allegedly admitted to leaking Windows 7 documents as well. One of his messages also revealed that he tried to break into a Microsoft building and copy a server.

Investigators found they had more than enough evidence to charge Kibkalo, and they did exactly that on Wednesday. He was arrested and charged with theft of trade secrets. 

Sources: engadget, Seattle PI



Microsoft Works On ‘Smart Bra’ To Curb Overeating

Microsoft is currently developing a “smart bra” to curb overeating by sensing physiological changes that occur in a woman’s body when she overindulges.

The smart bra contains EKG sensors that monitor heart rate and respiration, key signs of emotional binge-eating.

"It’s mostly women who are emotional overeaters, and it turns out that a bra is perfect for measuring EKG (electrocardiogram)," Mary Czerwinski, a cognitive psychologist and senior researcher in visualization and interaction at Microsoft, told Discovery News. "We tried to do the same thing for men's underwear but it was too far away (from the heart)."

It should provide “just-in-time-support for emotional eating” by sending an alert to your smartphone via Bluetooth that can also offer a distraction to redirect your attention elsewhere.

According to a study, the gadget made users more likely to think twice before opening the fridge.

“I became more conscious when I was about to eat or drink and self-reflected on why I was consuming something,” one participant said.

“I was eating without being aware of it, but by having to log both my eating habits and my emotions, I became aware of triggers for emotional eating, and also more aware of the health (or lack thereof) in my diet,” said another user.

One drawback, Czerwinski points out, is that the sensors in the bra will only work for about four hours before needing to be recharged.

“Those brave women kept having to run to the bathroom to charge their bra," Czerwinski said of study participants. "I think an insert in the foot would be good because feet are really sweaty."

According to Discovery, recent studies have shown that half the U.S. population experiences stress-eating, which is a leading contributor to the obesity epidemic.

Sources: Fox News, Discovery



Pedophiles Searching For Child Porn Will Now Find Warnings, Not Pictures

In a joint effort from Google and Microsoft, people searching for child pornography on the internet will now receive warnings, instead of pictures.

Google says it targeted 100,000 search terms associated with child sexual abuse and blocked them from delivering illegal results, according to BBC News.

Google’s executive chairman, Eric Schmidt, wrote in the Daily Mail that the company now has “more than 200 people to work developing new, state-of-the-art technology to tackle the problem” to stop the sharing of illegal child abuse photos on the Internet.

“As important, we will soon roll out these changes in more than 150 languages, so the impact will be truly global,” Schmidt 

Schmidt announced the change just after 386 children were rescued in Canada in one of the largest child sex trafficking investigations in history.

YouTube is also currently developing technology to detect pornographic videos that will be shared with other Internet firms in an effort to crack down on illegal content.

Sources: Daily Mail, BBC News



E3 Booths: Comparing Microsoft, Sony and Nintendo

When you think of how Microsoft, Sony, and Nintendo appear to the public eye, you would think of how Nintendo used to be on top and how Sony was far behind its competition. But when you look at their respective booths at E3, you would think something completely different. I spent some time at each of their booths and I’m here to tell you how things looked on the show floor.

First, let’s talk about Nintendo. Their booth was wide open and inviting. Their brand was splattered everywhere. Nintendo is labeling 2013 as the year of Luigi and, to celebrate, all of their presenters are required to wear Luigi hats. Every side of the booth had special photo booth sets inspired by each of their upcoming titles. You could take a picture in the Pikmin, Mario, Mario Kart, and Donkey Kong World. It was nice for attendants, but it was ultimately just a distraction.

Nothing at the Nintendo E3 booth had a long line. Well, nothing without any kind of swag had a line. The only line in Nintendo’s booth was this roulette table where you could win prizes. There was also a Mario character on a TV screen who would talk to the crowd waiting to play a 3DS game.

One huge thing Nintendo was lacking in was presenters who had any real knowledge of the games they were showing. While playing the Mario Kart 8 demo, I tried asking questions but all I got was a stock response. These stock responses didn’t feel like the usual PR responses, however. These felt like hired people who were there just to move the line – and those lines were no bigger than two people deep, for any of the games.

Microsoft’s booth was real clean. The white walls weren’t inviting, but the green insides made you feel warm and welcome. You know green means Xbox and you want to play. The whole booth was crowded at all times and everyone was lined up to see the biggest exclusive, Titanfall. Unfortunately, I wasn’t able to spend much time with Microsoft at all. It just wasn’t in my cards.

Sony, however, was a party. The black walls were clashing against Microsoft’s whites. There is a console war going on and it was obvious. Sony was proud of their showing at their press conference and they weren’t afraid to show it. They had games being projected on raised walls in every direction. This was Sony’s show and they knew it.

It was black, blue, and full of people. Every single spot in the Sony booth was full. If you wanted to touch the PlayStation 4’s controller, you had to wait a long while. The shortest line for a PlayStation 4 title was for an existing pinball game – one that everyone owns on one console or another. It might have been there to show Sony’s growing partnership with indie developers. It may have been there to give a real chance for most people to actually get their hands on the new hardware.

The least crowded spot in Sony’s booth was the corner housing the rows of PS Vitas. The floor was raised with blue LED lights shining right up to you. The rows were filled with a large variety of Vita titles. The best part was each game was being shown off by people who work for that particular game’s company. If I wanted to play Dragon’s Crown, then I would have people from Atlus to talk to. If I wanted to play Ragnarok Odyssey ACE, then I would have people from XSEED there right at my side. You get the idea.

At this year’s E3, Microsoft was the most closed off. The biggest interest there was with their one huge exclusive they have coming out in the future. Sony’s booth was always full and they were showing off so much. Nintendo, on the other hand, was wide open and inviting. Even though they had a lot to show, Nintendo was the least crowded with not one of their titles being more than an hour long wait. I’d even go out of my way to say that my wait at Konami to see the new Castlevania game was longer than anything Nintendo had to offer.

Do these observations equal sales? Of course not, but public perception means most everything these days. Sony’s press conference blew Microsoft out of the water, and Nintendo didn’t really have one. And if the show has anything to do with it, Microsoft and Nintendo may be in big trouble in the future.



Facebook, Microsoft Spill the Beans on Government Data Requests

Facebook and Microsoft announced Friday that they received thousands of requests to hand over user data to government agencies in the last six months of 2012.

In the wake of public outcry over the possibility of government surveillance without probable cause, tech giants are asking national security officials to let them be more transparent about the circumstances under which they provide the government with user data.

"We urge the United States government to help make that possible by allowing companies to include information about the size and scope of national security requests we receive," said Ted Ulloyt, general counsel for Facebook, in a June 11 statement. "[We] look forward to publishing a report that includes that information." 

On Friday evening, Facebook and Microsoft released the number of law enforcement and national security data requests they received in the second half of 2012. The figures include Foreign Intelligence Surveillance Act requests, which tech companies were unable to acknowledge before now.

Ulloyt now says Facebook has permission to disclose total numbers, but is forbidden from giving specifics.

"For the six months ending December 31, 2012, the total number of user data requests Facebook received from any and all government entities in the U.S. — including local, state, and federal, and including criminal and national security-related requests — was between 9,000 and 10,000,” Ulloyt wrote.

He added: “These requests run the gamut — from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9 to 10 thousand requests was between 18,000 and 19,000 accounts."

Ulloyt noted that only a small fraction of Facebook's 1.1 billion users have been affected by data requests.

"This is progress, but we’re continuing to push for even more transparency so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds," he said.

Microsoft released similar figures, but John Frank, Microsoft vice president and deputy counsel, said he wishes they could disclose more so that the public could completely wrap its head around the issue.

Frank said Microsoft received between 6,000 and 7,000 subpoenas, orders and criminal and national security warrants — affecting as many as 32,000 accounts in the last six months of 2012, according to Fox News.

In the aftermath of the National Security Agency’s PRISM program finally being exposed to the public, the tech giants want to distance themselves from it. However, reassuring the public that the government does not have “backdoor” access into their servers has done little to quell public fears that “Big Brother is watching.”

"We have always believed that it's important to differentiate between different types of government requests," Google said in a statement. "We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately."

Sources: Fox News, NY Magazine



Internet Companies Participate in PRISM, While Denying Direct Access to Servers

After tech companies staunchly denied giving the National Security Agency direct access to their servers, a report from the New York Times explains how they share a wealth of information with the NSA without giving them "backdoor" access.

News that the NSA was mining data from the servers of nine leading internet companies was reported by Barton Gellman and Laura Poitras of the Washington Post the same week The Guardian reported that the NSA obtained a secret court order requiring Verizon to hand over all U.S. call records.

The NSA's highly classified program, PRISM, has been mining data, including emails, photos, audio, video, documents and connection logs, from the central servers of Google, Yahoo, Facebook, Skype, AOL, YouTube, Apple and Microsoft for the past six years. Approved by federal judges working under the Foreign Intelligence Surveillance Act (FISA), PRISM has been collecting data since 2007.

Tech companies, however, flatly denied that they allow the government direct or “backdoor” access to their servers. They claimed the only time they gave private user data to the NSA was when they were under a court order to do so.

“We have never heard of PRISM,” said Steve Dowling, spokesman for Apple.

A report by Claire Cain Miller for the New York Times may finally allow us to reconcile how the data is being shared if companies deny NSA direct access. Internet companies are cooperating with the secret surveillance program by making it easier for the government to collect data and negotiating to develop technical methods to share users’ personal data efficiently. At times, they even changed their computer systems in order to do so. Other times the NSA was given the right to “real-time transmission of data.”

For instance, an NSA agent went to an internet company headquarters and remained there for several weeks while he installed government software onto a server and offloaded data onto a laptop.

People briefed on the negotiations told The New York Times that both Facebook and Google discussed plans to build separate, secure portals where the government could request data, the companies could deposit the information, and the NSA could then retrieve it.

“We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws and provide information only to the extent required by law.”

“The U.S. government does not have direct access or a ‘back door’ to the information stored in our data centers,” Google’s chief executive, Larry Page, and its chief legal officer, David Drummond, said in a statement. “We provide user data to governments only in accordance with the law.”

Chairman of the Joint Chiefs of Staff Martin E. Dempsey reportedly travelled in recent months to meet with Facebook, Google, Intel, and Microsoft executives. A source, who attended the meetings, told the New York Times that discussions involved how companies could collaborate with the government on intelligence gathering.

Sources: New York Times, Engadget



Government Responds To Exposure Of Two Mass Surveillance Programs

Shortly after the Guardian reported that authorities were collecting phone records from millions of Verizon customers across the country, the Washington Post reported that a secret government program, PRISM, had been allowing the FBI and NSA to tap into top U.S. Internet companies to pull audio, video and other data since 2007.

According to a document about the program, the NSA uses “collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”

The Director of National Intelligence, James Clapper, issued a statement about PRISM on Thursday.

“Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats. The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.”

He also said that exposing the phone-records collection program might harm the nation's intelligence gathering activities, Fox News reported. “The article omits key information regarding how a classified intelligence collection program is used to prevent terrorist attacks and the numerous safeguards that protect privacy and civil liberties," he said of the Guardian story.

All information the government acquires “is subject to strict, court-imposed restrictions on review and handling. The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization.”

A senior administration official also defended the program.

“The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress,” the official said. “It involves extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.”

Sources: Fox News, The Washington Post

