Feeds

Xbox Live billing site snubs Firefox

Credentials invalid. Game over

Application security programs and practises

Customers visiting an Xbox Live billing site with Firefox are liable to get a false warning that Microsoft's digital certificate is "invalid".

The certificate is fine and IE users are unaffected by the glitch, which represents the reappearance of an intermittent bug limited to gamers who use Mozilla's open source browser.

Reg reader Gordon, who gave us the heads up about the snafu, explained that he came across it in the process of trying to cancel his X-Box Live Gold account. After firing up Firefox, he was greeted by a confusing and unhelpful error message (extract below).

You have asked Firefox to connect securely to billing.microsoft.com, but we can't confirm that your connection is secure…

billing.microsoft.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown.

Chris Boyd, a security consultant at Sunbelt and Microsoft MVP who has studied the security of online gaming in some depth, confirmed the glitch.

"It seems you get a cert error in Firefox 3.6.8 (the latest version), I don't have other versions to hand to try out," Boyd told El Reg. "[It] Works in IE, and the cert is viewable."

The latest problem appears to be a repeat of earlier glitches, such as one two years ago that affected "Firefox 3", he said. Reports of the problem from August 2008 can be found on gaming forums here.

The bug reappeared last month, according to a notice on a Mozilla support forum.

"There are a few other examples of this on the web, but nobody seems to have a definite answer," Boyd added.

We've passed on the details of the problem to Microsoft's Xbox team and will update this story when we hear more. ®

The Power of One Infographic

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.