Friday, February 08, 2008

$10 off $75 At Best Buy

Save yourself $10 the next few days:


Tuesday, February 05, 2008

Anatomy of a Hack

Ok, I did a little research on the Hack that happened over the weekend to JChava and Psych X.

The freeweb7.com domain is registered to:

ATTN: freeweb7.com
P.O. Box 278
Yarmouth, Nova Scotia B5A 4B2
Canada

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: FREEWEB7.COM
Created on: 11-Mar-07
Expires on: 20-Jan-18
Last Updated on: 20-Jan-08

Administrative Contact:
, 68db9a580a1e672a01ea36ea361e9edb@domaindiscreet.com
ATTN: freeweb7.com
P.O. Box 278
Yarmouth, Nova Scotia B5A 4B2
Canada
1-902-7495331

Technical Contact:
, 68db9a7b0a1e672a01265c6cece872bc@domaindiscreet.com
ATTN: freeweb7.com
P.O. Box 278
Yarmouth, Nova Scotia B5A 4B2
Canada
1-902-7495331

Domain servers in listed order:
NS2.FREEWEB7.COM
NS1.FREEWEB7.COM

The prefix that the hackers added is xbox360news. This was probably never, ever a valid web site. The hackers have hacked and replaced the 404 Page Not Found error message with some custom JavaScript that comes up as 404.jsp when you crawl the site.

This script redirects to a subdomain of acsyndication.com, which is registered to:

ADS-CLICK
20 rte de pr?-bois

geneve, GENEVE 1215
Switzerland

Registrar: DomainPeople, Inc.

Domain Name: acsyndication.com
Created on .............Mon Oct 16 13:15:17 2006
Expires on .............Thu Oct 16 16:15:17 2008
Record last updated on .Fri Jul 13 10:54:15 2007,

Administrative Contact:
ADS-CLICK
Pascal Rossini
20 rte de pr?-bois

geneve, GENEVE
1215, CH
( )41227917380
()
pascal.rossini@ads-click.com

Technical Contact:
ADS-CLICK
Administrator DNS
1 N State Street
12th Floor
Chicago, IL
60602, US
(1312)2362132
()
administrator@siteprotect.com

Domain servers in listed order:
ns.dfi.innet.ch 195.70.1.100
ns.innet.ch 195.70.10.100


From this site a script is run automatically. My Firewall vendor won't even let me look at the site; it is blocked as malicious when I try to draw up the script. The prefix of the site is acnetwor.flux. - this may be another hacked domain. Nonetheless, it runs the script on the victim PC.

While I can't tell you exactly what is happening, here are my thoughts on what is happening. Microsoft didn't put much security into the file system on the XBOX 360, certainly not a Firewall of any type, and I doubt they did anything to encrypt user data on the hard disk drives of the XBOX 360. The software kernel of the 360 is just some customized code from other Microsoft OSes, leaving it with the same well known vulnerabilities. A smart hacker could easily figure out how to exploit the XBOX 360, then create a fairly generic script to scan the local network, find the XBOX and pull and send the information. The whole process would probably take less than a minute, and certainly fewer than five minutes, long before you suspected anything was going on in your network.

This is a very scary prospect for XBOX 360 users. Be sure to call Microsoft @ 1-800-4MY-XBOX today to get your information protected with your secret question. Then tell them you want to open a ticket requesting that the security on the XBOX be improved.

We should also consider removing all the user information from our accounts on the XBOX as this information does not appear to be secure. We should only place it there if they require us to, and then do something to make it stand out oddly if ever used.

I've sent the info out to a buddy that might be able to figure things out a little further. Until then, be extra careful where you browse.


Monday, February 04, 2008

FRAUD ALERT

Warning! This is not a joke.

Psych X's account has been hacked and turned to Ghostrider IXI

JVacha's account has been hacked and turned to Sphinx Telia.

Both got hacked by going to:

http://xbox360news [dot] freeweb7 [dot] something you can figure out here

Do not load this site just to check it out. Neither provided any information to the site, yet both had their accounts stolen, and their credit card # that was tied to the account was hijacked too.

I haven't spoken to them, but to Lady Death 13. Microsoft has informed them that they are SOL and can't have their accounts back. So be careful where you browse and to whom you provide information about your account.

Do not trust any communication from any of these gamertags. Check with myself or Lady Death 13 if you think you have a message from a new tag from either of these gamers, as we will verify the new tags they use when we know them.

HOW TO AVOID BEING A VICTIM. Call 1-800-4MY-XBOX, demand that they ask your CHALLENGE QUESTION first, before requesting any information. It took me half an hour to accomplish tonight. Be near a PC, you might have to log in and make some changes to your accounts.

Here are a few other things to consider with your Gamer Tag:

1. Don't put your location, name or any other relevant information in your Profile/Motto/Name/Location/Bio. Mine says, and will always say "tinyurl.com/36g3fv" "The Dren" "Sitting on the couch." Want to know more? Get to be my friend, earn my trust and I will tell you. I've had fellow gamers over to my house, and I've been to their houses.

2. Don't get on a real name basis with anyone till you have played with them a bunch. Treat this like online dating, don't reveal too much till you get to know folks pretty well.

3. If you play with a regular gang, it is OK to call everyone by their real name, but if a stranger comes into the room, revert to gamertags. I do this all the time with my clan.

4. Make some dummy e-mail accounts. I have about 4 throw away gmail accounts that are active I can use for verifications, but don't give away my good ones unless I am certain of where they are going.

5. Lie. A lot. I know this goes against everything your mother taught you growing up, but on the 'Net, it is the best way to survive. Filling out an online form, can't figure out why they would ever need your actual address, real name or actual phone #? Make something up, make it sound good, use it consistently. I use an address on my street 10 higher than what my actual address is, a fake name like Jack Meauff, and an old phone # from years ago that no longer works. Only provide true information when you have to do so for some legitimate business. Lie for legit stuff like this thread suggests, never use your mother's maiden name, never use something that is related to you in any way, shape or form. My sister in law is a huge Harry Potter fan, she used Harry Potter related stuff for all her passwords. A crazy ex-boyfriend used this basic knowledge to hack nearly everything she had set up online.

6. Be paranoid. Double or triple check everything you hear on the 'Net. Google it, check some forums, then look for another source, just to be safe. Just because you are paranoid doesn't mean they aren't out to get you.

7. If it sounds too good to be true, it is probably too good to be true. No one is going to give you 1600 MS points in exchange for your name, address and phone number. They will, however, use that information to screw you over.

Here is a thread about this issue over at 360voice:

Live Accounts Being Hacked


!!ATTENTION THIS IS A SCAM!!

WHATEVER YOU DO, DON'T REPLY TO THIS WEBSITE LIKE Psyc X did. IF you go to this website and put in your gamer tag, they will seize your account and take everything you own.

http://xbox360news [dot] freeweb7 [dot something you could figure out]/ <---- Don't log on this site!! don't even look at it!!! (Link removed from the post by The Dren.)

THIS IS Psyc X's account, it has been taken over by someone unknown.

Here is a photo of his account. This is a message that was sent to me through his gamer tag. This person is not on my friends list.
