Skip to main content

Microsoft changes Live ID login system due to security concerns

posted onJanuary 18, 2012
by l33tdawg

Microsoft has quietly updated the Windows Live ID login system, which was most likely in response to a security concern that surfaced last week. The new procedure seeks to eliminate the risk of brute force attacks launching against Live ID logins, which could provide a method for hackers to gain unauthorized access to accounts.

Last week Jason Coutee, an IT consultant, exposed a brute force hack that could allow hackers to access Windows Live ID accounts and all linked materials such as Xbox Live account information. The security flaw allowed hackers unlimited attempts at guessing the password for a Windows Live ID. In addition, the error codes Microsoft used on their site allowed hackers to determine whether a Live ID was real before they tried to brute force the password.

Now it seems that Microsoft has altered their rules. Coutee wrote to Joystiq saying, “Before it would just let you try over and over. But now … they handle the sign in request on the server in a way that it will stop replying after about 20 attempts.”

Source

Tags

Microsoft XBox

You May Also Like

Recent News

Monday, January 15th

Friday, January 12th

Thursday, January 11th

Wednesday, January 10th