Microsoft tightens security as the Xbox Live users may face attacks from hackers
Microsoft has detected an issue with digital security certificates issued for one of their domain names *.xboxlive.com. Microsoft has released critical security updates to eliminate the threat. The company is removing the trust of certificate from all of its products and services. However, Microsoft warns that the leaked certificate could still be used to steal important data from users.
In an official advisory from Microsoft, the company had warned Xbox users that the leaked Xbox Live certificate can be used by hackers to impersonate the xboxlive.com domain. What this means is that attackers can imitate Xbox Live website pages to trick Xbox users into providing confidential information to carry out "man-in-the-middle" attacks. Microsoft warns that these tactics may potentially lead to possible attacks on users.
In the said advisory, Microsoft announced that the private keys to the *.xboxlive.com domain had been "inadvertently disclosed.” Without giving any explanation on how the digital certificate was "inadvertently disclosed,” Microsoft has started fixing the issue by pushing updates to all the products. Microsoft released a large number of security updates on Tuesday. Eight of these updates are rated as critical and two in particular were classified as vulnerabilities already known to be subject to attacks. The company is also updating its Certificate Trust List to make sure that the leaked digital certificate is no longer valid.
“Although this issue does not result from an issue in any Microsoft product, we are nevertheless updating the CTL and providing an update to help protect customers. Microsoft will continue to investigate this issue and may make future changes to the CTL or release a future update to help protect customers.”- said Microsoft in its statement.
Xbox Live has millions of registered users and a large number of the users have their credit-card details on their respective Xbox Live accounts. Needless to say, keeping Xbox Live website secure is something Microsoft isn’t about to take lightly. The massive database and confidential details of Xbox Live users make the website a good target for hackers.
VentureBeat reported that gamers have already witnessed the Great PlayStation Network Outage in 2011 which lasted for 23 days. Hackers delved into Sony's PlayStation Network and after realising the vulnerabilities, Sony took the PlayStation Network offline but damage was done by then costing US $171 million (approx. AU $233 million) to Sony. Details of more than 77 million people were compromised as a result of PlayStation Network Outage.
Microsoft obviously does not want to witness the same issue. The company has released dozens of security bulletins and the company is issuing too many security patches to protect its users.
Contact the writer at feedback@ibtimes.com.au, or let us know what you think below.
Adding Security Proofs on Your Xbox 360 Console (Credit: YouTube/Xbox)