Feeds

Xbox Live billing site snubs Firefox

Credentials invalid. Game over

Top three mobile application threats

Customers visiting an Xbox Live billing site with Firefox are liable to get a false warning that Microsoft's digital certificate is "invalid".

The certificate is fine and IE users are unaffected by the glitch, which represents the reappearance of an intermittent bug limited to gamers who use Mozilla's open source browser.

Reg reader Gordon, who gave us the heads up about the snafu, explained that he came across it in the process of trying to cancel his X-Box Live Gold account. After firing up Firefox, he was greeted by a confusing and unhelpful error message (extract below).

You have asked Firefox to connect securely to billing.microsoft.com, but we can't confirm that your connection is secure…

billing.microsoft.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown.

Chris Boyd, a security consultant at Sunbelt and Microsoft MVP who has studied the security of online gaming in some depth, confirmed the glitch.

"It seems you get a cert error in Firefox 3.6.8 (the latest version), I don't have other versions to hand to try out," Boyd told El Reg. "[It] Works in IE, and the cert is viewable."

The latest problem appears to be a repeat of earlier glitches, such as one two years ago that affected "Firefox 3", he said. Reports of the problem from August 2008 can be found on gaming forums here.

The bug reappeared last month, according to a notice on a Mozilla support forum.

"There are a few other examples of this on the web, but nobody seems to have a definite answer," Boyd added.

We've passed on the details of the problem to Microsoft's Xbox team and will update this story when we hear more. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Leaked pics show EMBIGGENED iPhone 6 screen
Fat-fingered fanbois rejoice over Chinternet snaps
Feast your PUNY eyes on highest resolution phone display EVER
Too much pixel dust for your strained eyeballs to handle
Report: Apple seeking to raise iPhone 6 price by a HUNDRED BUCKS
'Well, that 5c experiment didn't go so well – let's try the other direction'
US mobile firms cave on kill switch, agree to install anti-theft code
Slow and kludgy rollout will protect corporate profits
Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'
Now THAT'S what we call a proper new feature
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Sony battery recall as VAIO goes out with a bang, not a whimper
The perils of having Panasonic as a partner
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.