Skip to main content

Microsoft changes Live ID login system due to security concerns

posted onJanuary 18, 2012
by l33tdawg

Microsoft has quietly updated the Windows Live ID login system, which was most likely in response to a security concern that surfaced last week. The new procedure seeks to eliminate the risk of brute force attacks launching against Live ID logins, which could provide a method for hackers to gain unauthorized access to accounts.

Last week Jason Coutee, an IT consultant, exposed a brute force hack that could allow hackers to access Windows Live ID accounts and all linked materials such as Xbox Live account information. The security flaw allowed hackers unlimited attempts at guessing the password for a Windows Live ID. In addition, the error codes Microsoft used on their site allowed hackers to determine whether a Live ID was real before they tried to brute force the password.

Now it seems that Microsoft has altered their rules. Coutee wrote to Joystiq saying, “Before it would just let you try over and over. But now … they handle the sign in request on the server in a way that it will stop replying after about 20 attempts.”

Source

Tags

Microsoft XBox

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th