Criminals Can Steal Your Credit Card Numbers from Your Old Xbox

Have you ever sold your old Xbox 360 console, or even just the hard drive?  If so, you should keep a close eye on your bills and credit reports, because it turns out hackers can snag the credit card numbers you used to buy those cute little avatar outfits.  Researchers at Drexel University have found that even after a factory reset, your personal information remains on the drive, waiting to be taken by hackers using common tools.

The sad fact is Microsoft is very good at protecting important data, that is, as long as they own it.  It would seem this generation of home video game consoles just can’t resist “leaving the keys in the lock” on your personal data, as demonstrated by last year’s hack of Sony’s PSN.  The worst part is, if you want to sell or give away your Xbox hard drive, you have to rig it to a computer, then use a utility designed to wipe the data from hard drives in order to destroy your personal information on the drive.  On the bright side, however, Xbox fanboys have officially lost bragging rights about security after the PSN scandal.

Source: Kotaku.com

Sony Bolstering It’s Defenses Against “Hacktivist” Groups

After being hammered by over 20 hacking attacks from hacktivist groups Lulzsec and Anonymous in 2011, Sony is beefing up security like never before.  The leader of Sony’s new security department is Brett Wahlin, former employee of McAfee with years of experience as a counter intelligence officer in the US military.  Wahlin’s security strategy is focused on defending against newer “socially-motivated” hackers.

Wahlin is hoping to look at the overall pattern of how many of these online attacks begin in order to react to breaches in security faster and prevent them from happening, along with working to monitor PlayStation Network for suspicious transactions that can pose a threat.  Another part of this strategy is educating staff to promote better security practices in the workplace.  Much of Sony’s overall security goals are to automate the detection of abnormal activities on the network so security staff can devote more time to stopping attacks as they are discovered.

Source:  scmagazine.com