AccountSecurity
Latest
Microsoft fights back against Xbox Live account threats, begs you to update your security settings
Redmond's console gaming network may not have suffered a breach of security comparable to last year's PSN fumble, but that doesn't mean it hasn't braced for impact. According to Xbox Live General Manager Alex Garden, Microsoft has made great strides in account security by taking legal action against sites who share phished usernames and passwords, enacting two-step login verification for untrusted devices and pushing fresh security updates to devices. Even so, Garden says that many of Xbox Live's account protection measures rely on member profiles being up to date, and heartily encourages users to make sure their security information is accurate. Get the word directly from the horses mouth at the source link below.
Guildportal, keyloggers, and you
In the past week, you may have noticed an increase in complaints about hacked accounts on the forums. Why? Well, the popular guild-hosting website Guildportal was hacked -- hackers added a bit of code exploiting an old Internet Explorer vulnerability (Microsoft had a patch available six months ago) to install a keylogger on visitors' systems. It was a brilliant move by the hackers, who managed to tap into a site visited by a massive number of WoW players -- the perfect place to steal account information. But I can't say it was very good for some of Guildportal's users, who logged on to World of Warcraft to find their characters completely naked next to an unfamiliar mailbox.However, this entire affair was very preventable. First off, Guildportal itself had a vulnerability that allowed hackers to insert the exploit that installed the keylogger. And then in order for the keylogger to be installed, individuals visiting Guildportal had to be running a version of Internet Explorer that was 6 months out of date. Guildportal has taken steps to prevent this from happening again, by patching their systems and banning traffic from China, where the hack attack originated from. (According to Guildportal's response as reported on the forums and a commenter on Madness and Games identifying himself as Aaron Lewis of Guildportal.) But have you taken steps? In Blizzard's post on the subject, they point out Microsoft Security Bulletin MS06-055, released by Microsoft on September 26th, 2006. You can stop many potential keylogger threats by simply visiting Windows Update to download patches regularly -- or, even easier, enabling Windows' Automatic Update feature. Either option would have resulted in your computer being protected from this vulnerability well before now.Think your account has been compromised? GM Kaone offers some good instructions on how to rid your computer of keyloggers (it's a lengthy post but very informative) and then points you to their billing support department for account recovery. (Yes, it is important to get rid of the keylogger before having your account restored -- otherwise you'll end up right back where you started!) But be prepared for a wait -- the account recovery process isn't always fast.See Guildportal's full response to its users after the jump.Other recent security advisories:Beware the cursor hackKeep keyloggers away: New Microsoft hotfix availableMore security warnings from BlizzardBlizzard reminds us to be careful of keyloggers[Via PlayNoEvil, with thanks to robodex for the forums link]
