The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

  • Subscribe

  • Xavier’s tweets

    Error: Twitter did not respond. Please wait a few minutes and refresh this page.

  • Goodreads

  • Enter your email address to follow this blog and receive notifications of new posts by email.

    Join 1,186 other followers

  • Blog Stats

    • 52,406 hits

17 Mistakes Microsoft Made in the Xbox Security System

Posted by Xavier Ashe on December 28, 2005

This article is about the security system of the Xbox and the
mistakes Microsoft made. It will not explain basic concepts like buffer
exploits, and it will not explain how to construct an effective
security system, but it will explain how not to do it: This
article is about how easy it is to make terrible mistakes and how
easily people seem to overestimate their skills. So this article is
also about how to avoid the most common mistakes.

For every security concept, this article will first explain the
design from Microsoft's perspective, and then describe the hackers'
efforts to break the security. If the reader finds the mistakes in the
design, this proves that Microsoft has weak developers. If, on the
other hand, the reader doesn't find the mistakes, this proves that
constructing a security system is indeed hard.

This paper dated 2005-10-25, has been submitted to the 22nd Chaos Communication Congress and will be presented on December 29th 2005, 18:00, at the Berliner Congress Center, Berlin, Germany.

You are invited to comment on this article on the Discussion Page.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: