Xbox security cracked by 007

$100,000 prize claimed for running Linux on Microsoft console...

The $100,000 reward promised by Lindows founder Michael Robertson to anybody who could run Linux on an unmodified Xbox, may have been won by a hacker who found a buffer overflow flaw in a 007 Xbox game. The hacker, going by the name Habibi-Xbox, revealed the exploit on Saturday in a message posted on the Xbox Hacker website. Organisers of the Xbox-Linux Project confirmed the method works. The trick involves the "save/load game" function in the James Bond game 007: Agent Under Fire, which normally allows players to save a file recording their progress in the game to the Xbox's hard drive and later reload it. Habibi found that by using one of several USB storage devices recognised by the Xbox, the load game screen can also be used to load other software, including compact versions of the Linux operating system. The technique apparently exploits a buffer overflow flaw in the 007 game, a technique similar to that used by online vandals to damage servers. Habibi wrote in the posting: "Basically, there is a bug in the save handling, which has been found in several games." Michael Robertson, founder of Linux company Lindows, has encouraged such work with a two-part contest, each part carrying a $100,000 prize. Part A, for the first team to run Linux on an Xbox, has already been met, and a prize committee is selecting the winners. Part B set aside $100,000 for the first to run Linux on an unmodified Xbox. British programmer Andy Green, one of the founders of the Xbox Linux Project, confirmed on Monday that the 007 exploit works and said it "will qualify for some or all of the prize". A final decision won't be made until the contest expires on 31 December, however, and a prize committee set up by Robinson assigns credit.