Sysgen said: Has MS implemented a Steam Guard equivalent?

Neuromancer said: No but they need to; this is getting absurd.

gundamzeta209 said: I see a lot of people throwing the term "social engineering" around in this thread. What does that mean in this context? I'm guessing that we aren't talking about federal and state social policies here.

saunderez said: Basically pretending you're someone else and using that to your advantage. With enough information you can easily impersonate anyone when - for instance - calling Xbox Support. I blame Facebook for the explosion in social engineering, it's incredible how much information morons put there for the public to see.

They really need to. The only thing they added is the "Xbox 360 Profile Protection System", which is an option that requires any Xbox out there to re-download your profile: https://live.xbox.com/en-US/Profile/Protection

In other words, they need to input your account password on that machine again to re-download the profile.

Which is fine and dandy when you go to a friend's house, download your profile and, somehow, you forget to delete it from the console. If he tries to get back in, he'll need your password and will be screwed.

HOWEVER, this doesn't help in the event of a console being hacked AT ALL. We really need two-tiered activation, Steam Guard style.

Exactly. "Social Engineering" is not hacking a system, a database. It's "hacking" the person on the other line of a phone line. Pretending to be somebody else with enough information to make that person believe you're the user of that account, and acquire even more information. And it's not only on Xbox Support.

Let's say you call some other service that, instead of changing your password, provides you your password through the phone. Let's also say you're one of the millions of people that have a tiered password system: one for stupid websites on the internet, one for regular sites you care about but that don't have any credit card information, and another password (usually this one is really good! It has numbers and shit!) for those sites that do have Financial/Personal information.

If you, for instance, call Netflix and somehow get them to give you your Netflix password, there's a chance that the same password is being used on the 360. As one service "ties" into the other, both have Credit Card information, both need to be secure. What do you do? You use your "good" password in both services. Boom, you're screwed.

I'm specifically calling out Netflix because, in prior threads, some reports of people socially engineering through Netflix have been found.