An interesting story involving a five-year old boy and Xbox LIVE has made the rounds: apparently this precocious child managed to find a gaping hole in Microsoft’s password verification system.
Kristoffer Von Hassel found a way to log into his father’s account in order to play games he wasn’t supposed to. He ended up showing his father that when he typed in a wrong password for his father’s account, it clicked to a password verification screen. Simply hitting space and then hitting enter allowed for access to the account through a back door.
The father, who works in computer security, then sent that information to Microsoft. After fixing the loophole they added Kristoffer to their website in a list of security researchers that have helped make Microsoft online services more secure.
In a statement from a Microsoft official:
We’re always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it.
Kristoffer will receive four free games, $50 and a year-long subscription to Xbox LIVE for his vital discovery.