Feeds

Xbox Live billing site snubs Firefox

Credentials invalid. Game over

Business security measures using SSL

Customers visiting an Xbox Live billing site with Firefox are liable to get a false warning that Microsoft's digital certificate is "invalid".

The certificate is fine and IE users are unaffected by the glitch, which represents the reappearance of an intermittent bug limited to gamers who use Mozilla's open source browser.

Reg reader Gordon, who gave us the heads up about the snafu, explained that he came across it in the process of trying to cancel his X-Box Live Gold account. After firing up Firefox, he was greeted by a confusing and unhelpful error message (extract below).

You have asked Firefox to connect securely to billing.microsoft.com, but we can't confirm that your connection is secure…

billing.microsoft.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown.

Chris Boyd, a security consultant at Sunbelt and Microsoft MVP who has studied the security of online gaming in some depth, confirmed the glitch.

"It seems you get a cert error in Firefox 3.6.8 (the latest version), I don't have other versions to hand to try out," Boyd told El Reg. "[It] Works in IE, and the cert is viewable."

The latest problem appears to be a repeat of earlier glitches, such as one two years ago that affected "Firefox 3", he said. Reports of the problem from August 2008 can be found on gaming forums here.

The bug reappeared last month, according to a notice on a Mozilla support forum.

"There are a few other examples of this on the web, but nobody seems to have a definite answer," Boyd added.

We've passed on the details of the problem to Microsoft's Xbox team and will update this story when we hear more. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Oi, Tim Cook. Apple Watch. I DARE you to tell me, IN PERSON, that it's secure
State attorney demands Apple CEO bows the knee to him
4K-ing excellent TV is on its way ... in its own sweet time, natch
For decades Hollywood actually binned its 4K files. Doh!
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
DARPA-backed jetpack prototype built to make soldiers run faster
4 Minute Mile project hatched to speed up tired troops
Hey, Mac fanbois. HGST wants you drooling over its HUGE desktop RACK
What vast digital media repository could possibly need 64 TERABYTES?
Apple's Watch is basically electric perfume
It isn't just me-too Apple that's lost its lustre: Gadget mania is over
In a spin: Samsung accuses LG exec of washing machine SABOTAGE
Rival electronic giant tries to iron out allegations
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.