Blizzhackers: More Hiccups In The Console Platform

Wednesday, May 18, 2011

More Hiccups In The Console Platform

As well as Sony falling prey to yet another vulnerability, now Microsoft is looking to compensate for some nasty mistakes. With the PSN being phased back into existence in the past few days, users were, as expected, required to reauthorize with new passwords. Finally getting a successful login to the PSN resulted in a mandatory prompt, but Sony also pandered to customers by allowing resetting their passwords through their website -- only to come under attack by a new exploit. Armed with only the victims email and date of birth, the primitive reset mechanism could be exploited quite easily. From what I can tell, it went something like this:

Password reset page via store.playstation.com
Don't validate the confirmation with proper token yet (was found at the end of the url "...action?token=%s")
In another window/tab go to one of the alternative subdomains to password recover
Enter target's email and DOB
Use token to bypass actual email confirmation and reset password

Massive fail. Of course with the big previous attack, obtaining proper email and DOB was already done for a number of accounts. This issue is currently being addressed by Sony. They have also decided what games they will use for their "Welcome Back" compensation package. Based on region, users will be able to choose 2 games from a list of 5 old, but decent titles (LBP, inFamous, R&C:QfB, et al.) - not some shitty arcade games.

Sony's competitor, Microsoft, has also faced quite a nasty bump in the road. While they are continuing to phase in their updates from the new XGD3 disc format and firmware/dashboard updates (Read: http://blizzhackers.blogspot.com/2011/04/xbox-microsofts-new-xgd3-format.html ), users not in the beta are starting to receive the trickle of updates as well. Turns out that one of those firmware updates kind of killed a bunch of the older Xbox 360 models by bricking the DVD drive. The funny thing (not being reported in other news articles and blog posts, but I can confirm) is that this very problem was reported repeatedly by beta testers in the private preview forums, but the issue was apparently not addressed before it was pushed out. The forums have since been removed from view. However, I'd consider the luck to be anything but poor to victims. Microsoft is offering a free replacement with the newest Xbox 360 S model as well as an entire year of live for free. That's a pretty good deal; certainly better than their past compensations (lol, Undertow).

0 comments:

Post a Comment

POPLINKS

• Battle.net Chat Bots

• Client Hash Files

• Original BNETdocs Archive

• SC2 1.3.2 Galaxy API Dump

• #bhdev (Mibbit)

• StarCraft II Hack Dev Forum

• Diablo II Hack Dev Forum

• Diablo 2 Botting System SVN

• Blizzhackers Toolkit SVN
- (Upcoming D2 Project)

• Blizzhackers Wiki

- (Coming soon... maybe..)

(Click the "Files" link on left navbar to see the entire file archive.)

Note: You should frequently check directories for the latest version of popular hacks that get updated actively, because I don't always make new posts in the event to avoid flooding the blog.

usoPreviewPopup

Site Disclaimer

This site in no way intends to induce or enable copyright infringement, nor promote interference or breaching of contractual relations between the end-user and any third parties. The enterprise of this site is purposed toward the goals of reporting and educating our readers on topics within the relevance of our and their interests/hobbies. Should you be a body - or (legal) representative - of any corporate party that has perceptively supposed that any file featured on this blog is infringing upon your rights - or the rights of your client - please contact THE ORIGINAL AUTHOR OF THE ALLEGED BINARIES. I have no capacity over these files, nor am I the owner of the official file server or message boards linked here. None of these files are being sold commercially and I accept no payments in that regard. In fact, I often attempt to deter that act myself - the Blizzhacker 'axiom' is free information and anti-monetiziation the exploitation of the work of others. I, Dark_Mage-, am simply acting well within my legal rights as a blogger (or "journalist" if you will) and if you so choose to engage me, a member or affiliate of the Electronic Frontier Foundation will contact you on my behalf as soon as possible. Any attempts for the desist and removal of a file hosted on the aforementioned site (BHFiles.com) should be forwarded to the site's hosting provider. Occasionally, interesting files discovered uploaded are sometimes enumerated and discussed. I am simply a "discovery agent" in the 'hacking scene' and have even been long retired from that interest as well as PC gaming all together. This blog is just that: a blog. If you attempt to impede upon my rights to freely discuss criteria loosely based around my interests with threats, or pursue to censor me with stifling, baseless obstruction, there will be consequence and blowback. If I may have journeyed a bit out of the bounds of reason, I will gladly amend my oversight. I have no desire to harm your business model nor am I trying to. If you feel I have stepped over a line at some point, please contact me and we can settle it in a civil manner. I will *never* receive a (DMCA/BayTSP/C&D) letter targeting any files hosted on any sites as I am not the successor to any. Attacking a blogger is not nearly a plausible solution to deterring the act of hacking/cheating, nor is it an effective substitute for fallible anti-cheating mechanisms. Be better than Sony. Be better than EA. And for God's sake, be better than Activisi-- oh, yeah. Well, shit, bros, at least you USED to be Blizzard Entertainment -- that name used to carry respect ya know?