geekosystem

There's something to be said for concerned customers that contact companies in order to help them solve problems inherent in their systems. This is what Kevin Burke, one such concerned customer that just so happens to be a coder, did with Virgin Mobile USA back in August. After taking the matter seriously at first, it appears that the company ultimately did nothing about the fact that their account authentication can be easily be forced.

Microsoft isn't one to readily admit that they're dealing with a major security flaw, in that they're not going to publicize the fact. To be fair, most technology companies aren't often the ones that come forward with potential exploits. Someone, or some group, usually has to first do some damage before these loopholes get closed with any speed. A major exploit that works across operating systems? Well, that's another story. Microsoft has already responded to the latest critical exploit found in Internet Explorer 6, 7, 8, and 9, but the help provided might not do much.

Whenever a new form of digital rights management, or DRM, hits the market, people get antsy. Developer and publisher Ubisoft has their own particular brand of this nonsense which requires a launcher of their making: Uplay. Unfortunately for them, it looks like Uplay includes a major security hole which some hackers are decrying as an intentional rootkit. This is the kind of revelation that can lead to recalls and public statements.

An exploit has emerged on the Diablo III forums that makes Wizards invulnerable. Characters apparently experience no health or arcane power reduction, and are also immune to certain effects like freezing. The exploit is still working at the time of this writing, but don't expect something like this to go unfixed for very long.

Reportedly, hackers figured out a fairly easy method to obtain free Microsoft Points, which supposedly cost Microsoft up to $1.2 million. Generally, as any soul without a dime to his or her name but really wants some DLC is aware, there are various sites that offer free MS Points after one fills out various surveys (their legitimacy usually in question), but this method discovered by hackers actually worked: They found an algorithm to add to used MS Points codes which would generate fresh codes that users could exchange for MS Points. Supposedly, not every single generated code would work, but a majority of them did, which resulted in people continually generating and amassing new, 160MSP codes.

Along with the site that offered the generated codes, a program was released--via the general piracy community--that would generate and obtain the codes for users, which offered the choice between 160MSP codes, or a code for a Halo: Reach Banshee avatar prop or a 48 hour Xbox Live trial.

Microsoft quickly discovered and subsequently squashed the exploit, though one user of the exploit claimed he managed to steal about $150 in MS Points in 20 minutes of attempts. For more details on the exploit, head on over to The Tech Game forums, which is where the exploit originated.

A Microsoft representative responded to the situation, claiming that the exploit resulted in much less stolen money than the reported $1.2 million figure, and gave a pretty uninteresting response regarding how they will handle punishing the guilty parties:

“Our Policy and Enforcement team is evaluating whether or not certain individuals have violated the Terms of Use for Xbox LIVE and will take the appropriate enforcement on an individual basis. Codes obtained legitimately by users will not be impacted.”

At least Microsoft claims they will accurately evaluate and punish the appropriate parties, rather than the way certain other ridiculously popular teams handle money hacks.

(Save And Quit via GamesIndustry.biz)