Xbox Live private keys mistakenly disclosed, says Microsoft
Microsoft statement did not list the source of the leaks but the company said that the leaked keys have so far not been used in any cyber attack.
In the security advisory released Wednesday, Microsoft said it has invalidated the leaked certificate. “To help protect customers from potentially fraudulent use of the SSL/TLS digital certificate, the certificate has been deemed no longer valid and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of the certificate,” reads the advisory. The leaked digital certificate cannot be used to impersonate domains, create new certificates or sign code.
However the biggest concern is that the private keys could be used to mount a in a “man-in-the-middle” attack. Potential hacker could use the leaked Xbox Live private keys to gain access to a secure connection. “Each user in the communication unknowingly sends traffic to and receives traffic from the attacker, all the while thinking they are communicating only with the intended user,” Microsoft explained. A hacker could intercept messages sent between Microsoft and the Xbox Live user. Information or sensitive data could be stolen via this method.
Posted:
Related Forum: Xbox Forum
Source: http://www.techworm.net/2015/12/xbox-live-users-open-to-hack-as-microsoft-accidentally-leaks-private-keys.html
Related Articles
Comments
DusknoirPosted:
TTG_JAMBO Please someone with knowledge explain is this the same private 2048 bit RSA key that is used to sign the Xbox live digital cert, that jtag users wouldve needed to sign off their own version of live or have any console work online without the need for authentication of any kind, or are we talking digital certs of Xbox.com website
Private keys to xbl itself, that can give someone access to APIs and stuff.
SagePosted:
Mickers It's alright, my card linked never has money on it.
That really sucks man... Sadly mine usually does have money on it :)
ThespianPosted:
Well I am most likely gonna remove all credit cards and things from my account. Not going to take the risk.
TTG_JAMBOPosted:
Please someone with knowledge explain is this the same private 2048 bit RSA key that is used to sign the Xbox live digital cert, that jtag users wouldve needed to sign off their own version of live or have any console work online without the need for authentication of any kind, or are we talking digital certs of Xbox.com website
vLunaPosted:
Hopefully nothing does happen.. and thanks to Microsoft for informing everyone about it. Would be a lot worse if it came out of the blue that someone was using your CC details.
Latest Downloads
- 01. Rock Band 3 99% Save Wii(0)
- 02. Dead Rising 2: Off the Record - SaveGame (50 lvl, 5.000.000$, S/A)(0)
- 03. Need for Speed: Undercover - Save Game (4th level of the racer)(0)
- 04. [EU] F.I.S.T.: Forged in Shadow Torch (CUSA28371)(5)
- 05. Ghost Exile: SaveGame (Level 50 with 30,000 money)(0)
- 06. S.T.A.L.K.E.R. 2: Heart of Chornobyl - SaveGame (progress from the Dump to the Boat)(3)
- 07. Cyberpunk 2077: Phantom Liberty - SaveGame (The areas have been cleared.(8)
- 08. Red Dead Redemption 2: Save Game (Chapters 3,4,5 with all bags)(6)
- 09. My Gaming Club: SaveGame (pumped up character) [2.1](0)
- 10. Rock Band 2 99% Save Xbox 360(2)
- 11. Castlevania: Lords of Shadow 2 - Save Game(1)
- 12. The Planet Crafter: SaveGame (all endings and everything is open) [1.317](1)
- 13. Far Cry 3: Blood Dragon: Save Game - quests completed(3)
- 14. Sonic X Shadow Generations: SaveGame (The Game done 100%)(3)
- 15. The Karate Kid: Street Rumble - SaveGame (100% completion)(2)
Latest Tutorials
- 01. PS3 HEN - Audio via a USB headset.(568)
- 02. Stumble Guys | Social Butterfly Achievement(315)
- 03. Last Days of Lazarus Achievement Walkthrough (Xbox/PS)(1,617)
- 04. EDENGATE: The Edge of Life - 100% Trophy/Achievement Guide(2,026)
- 05. Sherlock Holmes Chapter One | Walkthrough | No Commentary(1,632)
- 06. Morbid: The Seven Acolytes | Full Game Walkthrough(2,684)
- 07. Adam Wolfe | Full Game Walkthrough | No Commentary(1,775)
- 08. ALFRED HITCHCOCK: VERTIGO - 100% Walkthrough(2,150)
- 09. SHERLOCK HOLMES THE AWAKENED | Walkthrough | No Commentary(1,511)
- 10. Space Roguelike Adventure | Guide - Cheat Code!(1,706)
- 11. DETECTIVE Stella Porta Case | Trophy & Achievement Guide(1,297)
- 12. Tunic 100% Platinum Walkthrough | Trophy & Achievement Guide(1,999)
- 13. Outbreak: The Nightmare Chronicles Achievement Walkthrough(1,600)
- 14. Full Void 100% - Trophy & Achievement Guide(1,640)
- 15. Outbreak: Lost Hope #Xbox Achievement Walkthrough(2,426)
"Xbox Live private keys mistakenly disclosed, says Microsoft" :: Login/Create an Account :: 39 comments