Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Crime Microsoft Privacy Security XBox (Games) Games

Microsoft: 'Unlikely' Credit Card Details Lifted From Xbox 360s 105

An anonymous reader writes with this excerpt from ZDNet: "Security researchers from two universities say they found how hackers can retrieve credit card data and other personal information from used Microsoft Xbox 360s, even if the console is restored back to factory settings and its hard drive is wiped. Microsoft is now looking into their story of buying a refurbished Xbox 360 from a Microsoft-authorized retailer, downloading a basic modding tool, gaining access to the console's files and folders, and eventually extracting the original owner's credit card information. Redmond is still investigating, but it's already calling the claims 'unlikely.'"
This discussion has been archived. No new comments can be posted.

Microsoft: 'Unlikely' Credit Card Details Lifted From Xbox 360s

Comments Filter:
  • Microsoft is right (Score:3, Insightful)

    by Johnny Mister ( 2610721 ) on Thursday April 05, 2012 @09:46AM (#39584975)
    This just seems more like bad mouthing about MS and XBOX360. It was already debunked on Slashdot too, because MS doesn't store credit card details on the machine. They only store account details. Microsoft is right - this is just some unfounded rumor that has no basis on reality.
    • I don't believe the CC numbers are stored on the HD either. But, take the extreme view that they are, and they're stored unencrypted. It still requires someone selling/losing/stolen their Xbox HD. This will never be a pandemic problem.

      And I'm sure everyone on this forums knows that the only way to truly wipe a HD requires a hammer. That Xbox HD still could have your account name/email address/password. Could lead to far more problems than just losing a CC # if that email or password is used for more th

      • by chrb ( 1083577 ) on Thursday April 05, 2012 @10:49AM (#39585981)

        I don't believe the CC numbers are stored on the HD either.

        It might be possible that the data was written to a temporary file, or the memory was written to the swap partition, or that the number was written by a non-MS game or app.

        That Xbox HD still could have your account name/email address/password.

        Yes, apparently they recovered user names, gamer tags, purchase history etc.

      • by tibit ( 1762298 )

        And I'm sure everyone on this forums knows that the only way to truly wipe a HD requires a hammer.

        That's quite silly if you're talking about modern mechanical hard drives. Apart from reallocated bad sectors, if you overwrite a hard drive with all-zeroes, the data is irreversibly gone. The only remaining fragments are sectors that got reallocated; those are likely not to be deleted even if you initialize the hard drive. Of course those fragments may, by chance, happen to have a credit card number in them, say if they were a part of a swap file at some point in time.

        • Apart from reallocated bad sectors, if you overwrite a hard drive with all-zeroes, the data is irreversibly gone.

          Not precisely true. drive platters (even overwritten with zeros) can be forensically analyzed after the fact by examining the off-center track data...but that would require physical dis-assembly of the drives which they are clearly not doing here.

          ...also (at least for me personally) drives get retired when they die, therefore there would be no way to zero them out without repairing whatever t

          • by tibit ( 1762298 )

            Not precisely true. drive platters (even overwritten with zeros) can be forensically analyzed after the fact by examining the off-center track data...but that would require physical dis-assembly of the drives which they are clearly not doing here.

            That was true maybe up to 15 years ago, and that's a stretch. There's no such forensic analysis. These days there is no space left between tracks. This means that magnetic domains from one track directly touch domains from another track. If you overwrite, there's nothing left. If there was anything left, it'd be a costly design omission: any unused magnetic domains are a waste, they should be used to store data! They engineered this as far as it goes.

            • That's just not true. Obviously there is 'something' left otherwise a write from one track would corrupt data from the adjacent track.

              The inter-track spacing is certainly much smaller than it was 15 years ago, and therefore harder to analyze, but certainly not impossible.

              If you're curious about the technique it's called 'magneto force microscopy' (MFM).
              • by tibit ( 1762298 )

                Having had access to MFM and having looked about 8 years ago at a then-state-of-the-art hard drive I can tell you that there is no inter-track spacing with anything resembling data in it, unless that particular drive was somehow a special case. It was a rather normal laptop hard drive. Have a look at the relevant wikipedia page [wikipedia.org]. There is effectively noise between the tracks of the old 3.2gb drive, but there's nothing between the tracks of the 30gb drive. A contemporary hard drive has very, very few domains

                • Even comparing both adjacent track areas? I find that difficult to believe. MFM allows resolutions as high as 10 nanometers and the inter-track spacing on modern drives is IIRC greater than 100 nanometers even on the highest density models.
      • I don't believe the CC numbers are stored on the HD either. But, take the extreme view that they are, and they're stored unencrypted. It still requires someone selling/losing/stolen their Xbox HD. This will never be a pandemic problem.

        And I'm sure everyone on this forums knows that the only way to truly wipe a HD requires a hammer. That Xbox HD still could have your account name/email address/password. Could lead to far more problems than just losing a CC # if that email or password is used for more than the Xbox system.

        I have a better chance of stealing receipts from Target than getting them from a recently formatted Xbox. This story is being blown way out of proportion.

    • The Paper (Score:5, Informative)

      by chrb ( 1083577 ) on Thursday April 05, 2012 @10:42AM (#39585843)

      this is just some unfounded rumor that has no basis on reality

      It's more than a rumour, it's a research paper from some forensics experts that has been submitted to a conference. Of course, that does not mean that it is correct, and afaik it has not been published yet.

      The PDF (found via xbox-experts.com [xbox-experts.com]:
      Identity Theft and Used Gaming Consoles: Recovering Personal Information from Xbox 360 Hard Drives [hotfile.com]

      The relevant text shows that they just got a credit card hit from some forensics tool:

      Performing a fast scan on one of the drives resulted in a possible credit card hit as demonstrated in Image 10. Although this does not definitively prove there are any credit card numbers on the hard drive, it is highly probable given the results obtained. The Bank Identification Number in this hit identifies this as a Bank of America Discover Card [37].

      The authors appeal to have credible prior experience in digital forensics:

      Dr. Asley L. Podhradsky, Drexel University [drexel.edu]
      Dr. Rob D'Ovidio, Drexel University [drexel.edu]
      Cindy Casey, Drexel University [linkedin.com]

      They have published work on XBOX 360 previously, so they may have some experience in this specific area (or not):
      The Xbox 360 and Steganography: How Criminals and Terrorists could be Going Dark
      A Practitioners Guide to the Forensic Investigation of Xbox 360 Gaming Consoles

      • Re:The Paper (Score:5, Informative)

        by damnbunni ( 1215350 ) on Thursday April 05, 2012 @10:53AM (#39586057) Journal

        It seems especially unlikely in that Microsoft doesn't accept Discover cards - only Mastercard, AmEx, Visa, and PayPal.

        So why would someone enter their Discover information on an Xbox anyway?

        • by chrb ( 1083577 )

          So why would someone enter their Discover information on an Xbox anyway?

          Someone didn't realise that, tried it anyway, and the failure got logged or swapped out? Or it could be outside of the context of Live: maybe they were running a Web browser and a page got cached? Or they sent or received the card number in an email or instant message and it got saved to the disk? The string could have even been stored in a temporary file and deleted, it seems the tool they use just scans the flat binary drive data, rather than interpreting the file system.

          An ASCII string, bounded by non-

          • Let me guess, he dumped it into Encase and ran the Credit Card Finder EnScript?
            • So I just downloaded the report that someone linked above and that's exactly what he did, consider my blown away. Given my experience, the existence of a hit from that Enscript proves very little. This entire 'report' is cookie cutter at best, this 'forensics expert' is clearly an academic trying to keep his publish rate up.
          • It occurs to me that *maybe*, the only card info that winds up cached are not the VALID ones MS processes and accepts, but rather, cards like this which don't actually work on the network? (If so, that could be a bug in the XBox code, where they purposely refrain from caching or storing cards that successfully process, but neglected to consider people entering good, valid cards which simply aren't the right TYPE (Discover or AmEx).

        • More so.. does BofA, who's parent company owns Visa & MasterCard even issue Discover Cards?
          • Yes. The first six numbers of the card match up to a database of who issued it and what type of card it is - the researchers would have run it through whatever BIN database they have access to.

            I'm not sure what you mean by Bank of America's parent company though, as they don't have a parent company. And Visa and MasterCard don't have owners, they're associations formed of large issuing banks.

        • It seems especially unlikely in that Microsoft doesn't accept Discover cards - only Mastercard, AmEx, Visa, and PayPal.

          So why would someone enter their Discover information on an Xbox anyway?

          You, sir or madam, make me wish I could give something a +6. This completely calls bullshit on the whole endeavor in my opinion.

      • Re:The Paper (Score:4, Informative)

        by Sir_Sri ( 199544 ) on Thursday April 05, 2012 @11:16AM (#39586419)

        Which may actually make it unlikely in microsofts eyes. Being able to have a team of professional forensics experts potentially extract data from a console is a far cry from it being actively exploited by hackers.

        If you look at the paper in question they ran half a dozen tools to try and extract part of a single credit card. And pretty much everything they're looking at is pretty standard hard drive forensics sort of problems, they're discussing in specific to the 360, but there's nothing there that doesn't apply to any HDD. How 'erased' is erased data (when you write 0's to the drive), the answer is not perfectly. A general 'delete personal data' just deletes files the same way most OS's do, it just forgets the links to the files, but they still hang out on the drive and can be extracted.

        It seems like the trick with the Xbox is that it has various partitions and not all of them are always overwritten, and then the general problems with magnetic storage. So sure, if the police have a specific reason to dig through one xbox 360 they might be able to recover something. But beyond that, I wouldn't count on it being a major issue.

        • by tibit ( 1762298 )

          How 'erased' is erased data (when you write 0's to the drive), the answer is not perfectly.

          If you only access the hard drive using published ATA protocols, it is a perfect erasure. You can't recover any of the original data, period. If you access the drive using manufacturer-specific protocols, you may be able to read the contents of reallocated sectors, and those may, by chance, happen to contain useful data. That's it, though. If you were to open up the drive and access the platters using, say, magnetic force microscope, you'd not have access to any other data apart from drive's housekeeping a

  • by rjstanford ( 69735 ) on Thursday April 05, 2012 @09:50AM (#39585045) Homepage Journal

    Bad: 'Unlikely' Credit Card Details Lifted From Xbox 360s
    Better: 'Unlikely' that Credit Card Details have been Lifted From Xbox 360s

    See the difference?

    • by Robert Zenz ( 1680268 ) on Thursday April 05, 2012 @09:54AM (#39585099) Homepage
      Even better: Microsoft says it's unlikely that Credit Card details can be lifted from XBox 360s.
    • One fits in /.'s character limit and the other does not?

      This is disappointing. I have a used Xbox filled with somebody's private credit information. Oh well.

    • Yes, I see the difference. One follows the headline pattern of print and electronic media that has been established for probably 50-100 years. The other has extra garbage words that do not change the meaning and take up more space.

      • Actually, the header is ambiguous with 'unlikely' being closer to 'credit card' than 'details'.

        Microsoft: Credit info lifting from XBox 360s is unlikely - is more clear.
        • Indeed, at a first glance I thought they found some credit card information that was unlikely to be present on the system. Like sears cards or something lol, and not that it is unlikely that credit card data can be lifted from the device. Which using the word unlikely leaves room for doubt and that it is theoretically possible. Now if it said impossible or not true then okay you guys know what the heck is up. But unlikely? that is like saying is the cancer going to spread? and the doctor makes a ehhh face a
  • by crazyjj ( 2598719 ) * on Thursday April 05, 2012 @09:53AM (#39585085)

    IIRC, Sony said something very similar at the beginning of the PSN breach [wikipedia.org]--something along the lines of "This was a minor incident. It was probably only a few accounts. Nothing to see here."

    • by tgd ( 2822 ) on Thursday April 05, 2012 @10:06AM (#39585311)

      IIRC, Sony said something very similar at the beginning of the PSN breach [wikipedia.org]--something along the lines of "This was a minor incident. It was probably only a few accounts. Nothing to see here."

      If someone was claiming they hacked the Xbox/Live network and got access to credit cards, the comparison might be accurate. In this case, they're claiming they got credit card information from a device that doesn't have it.

      And even if it did have it, I think there's better ways for bad guys to get credit card numbers then buying an Xbox one at a time, using a modding tool, grepping the filesystem and pulling out numbers.

      It also sounds like there's no evidence from the article that the numbers were actually credit card numbers. I know every Discover card starts with 6011, but not all 16 digit numbers that start with 6011 are Discover cards, as an example. You also can't assume that any 16 digit number that starts with a 3, 4, or 5 and ends with a valid check digit is a credit card number.

      Until someone enters *their* credit card number on an XBox, and finds *that* number saved on it, I don't think this is credible. And, really, it needs to have the CID, expiration, address verification digits AND the user's name to really be a risk.

      And even then, its really not a risk, given how easy it is to get valid cards in bulk from more nefarious sources.

      • by tibit ( 1762298 )

        It may not be a risk, but the number shouldn't be there, per PCI standards. It's an interesting find.

      • "And even if it did have it, I think there's better ways for bad guys to get credit card numbers then buying an Xbox one at a time, using a modding tool, grepping the filesystem and pulling out numbers."

        The thing is, there is already a fuckton of used xbox 360s floating around out there. Just do an ebay or craigslist search for "red ringed 360" and you will see people selling multiple and buying them (which probably means they have multiple). Heck, I have 2 used 360s in my house, and more have passed thro
        • by tgd ( 2822 )

          They are given away or sold very cheaply by people that don't know how to fix them to people that do, a simple fix is done on them and they are sold.

          And you can get into the right IRC channel and buy a bunch of zero-day card dumps for the same cost... and then you'll have a number you might actually be able to use. If you get numbers from the XBox, you'll have a number that may or may not be old. (The last time I entered a CC into my console was probably four or five years ago, and definitely expired!) You'll maybe have enough data to be able to run a CNP transaction with a site online. For durable good sites, that means shipping something somewhere an

          • "And you can get into the right IRC channel and buy a bunch of zero-day card dumps for the same cost"

            The cost of free? Either way, the type of people I think would do this probably don't know what IRC is. I'm thinking teenagers who know how to mod and repair xboxes, not programmers or career criminals. Armed with my credit card number and my xbox live or ebay name, my address is just a google search away - and if I sold it to someone and shipped it, it's right there on the return label. Never mind the fa
      • If someone was claiming they hacked the Xbox/Live network and got access to credit cards, the comparison might be accurate. In this case, they're claiming they got credit card information from a device that doesn't have it.

        And even if it did have it, I think there's better ways for bad guys to get credit card numbers then buying an Xbox one at a time, using a modding tool, grepping the filesystem and pulling out numbers.

        It also sounds like there's no evidence from the article that the numbers were actually

    • by Richard_at_work ( 517087 ) on Thursday April 05, 2012 @10:23AM (#39585549)

      The way I see this statement from Microsoft is "well, if all the processes are followed correctly by our developers, we don't see this happening, so its unlikely. However, there is a chance that a developer may have used the wrong caching or serialisation library for this routine which may have inadvertently left traces on the XBoxes hard disk, so we are going to look into it."

      I entered my card details on the XBox Live website directly, not via my Xbox - I don't see why Microsoft would deliberately store the card details in two places if you entered it on an XBox, when the card authorisation has to be done by the remote servers anyway, so thats why I'm personally leaning to the above understanding.

      Also, it was noted in the last story about this that the example credit card number given as "successfully retrieved" was not of a type accepted by XBox Live as a payment source...

      • by jimicus ( 737525 )

        The way I see this statement from Microsoft is "well, if all the processes are followed correctly by our developers, we don't see this happening, so its unlikely. However, there is a chance that a developer may have used the wrong caching or serialisation library for this routine which may have inadvertently left traces on the XBoxes hard disk, so we are going to look into it."

        Considering the number of times I've seen applications reinvent the wheel because the developer clearly couldn't find what they were trying to do in an existing library, this wouldn't surprise me in the slightest.

      • Re: (Score:3, Interesting)

        by s.petry ( 762400 )

        Take a common sense view of how this could happen. Xbox kernel sees user input, caches input in case the connection is lost. Cache gets written to drive in case of power failure.

        This is the same mindset we see with other Microsoft products like "Active Installer" for IE. Obviously there are security implications but Microsoft chose to put convenience over security.

        To many of us, the security problems released are not excusable. To Microsoft, it's the best business decision.

        In short, it is not a bad inte

        • The XBox just throws an error to the user if it loses connection to Live while you are doing something - thats why I had to add my card details via the website (XBox lost connection to the local wifi for a bit).

          • by s.petry ( 762400 )

            Personally I boycott all Microsoft products so have to take your word for how it acts during some type of outage. I was just pointing out that it's potentially something that does exist, and it's logical from some perspective. I have seen numerous releases of code from lots of vendors (not just Microsoft) with facilities similar to this. Features do not have to be complete, published, or even fully implemented in order to exist on a system.

          • by s.petry ( 762400 )

            Just a side note, I'm not sure if you read the full PDF. The research is very credible, and very thorough. They show a lot of the data being cache, not just credit card data.

            If the research was just a bash with no merit I would probably just agree with you.

            • by Richard_at_work ( 517087 ) on Thursday April 05, 2012 @12:31PM (#39587873)

              The problem is, they haven't actually verified that what they have is an actual credit card number, they've just pulled a number out that happens to validate and have the same starting digits as a card type but there is no related information - so why would the credit card number on its own find it's way into these streams and not the other details off the card.

              At the moment, they found a number, that's it. What would be an actual test is to use an Xbox, use a card on that Xbox, and then see if you can recover that card from that Xbox - that's not what they did, so the results can't be validated.

              • by s.petry ( 762400 )

                Valid point regarding the known testing. The known test would also be able to provide details on where and what other card data was being stored, if any was being stored. It is logical that if the Card # is being stored, other details are stored as well. Much harder to find a 4 digit date stamp and 3 digit CVV though, so would really need a way of expanding the test immensely. It would be pretty costly, but possible.

                1. Boot system, patch, power down, dd drive1-snapa.

                2. Enter details, register, CC numb

                • Except that the string cannot validate if it was used to sign up for Live - the Xbox 360 will not accept a Discover card because Microsoft does not accept them. This doesn't discount the possibility that the card was there because the former owner signed up to Final Fantasy or another MMO via the console and that application saved or cached the number, but it certainly reinforces that it's unlikely Microsoft is responsible.

                • I was going to post something similar to Kalriath, but my iPad ate my Safari instance last night, so here we go again...

                  They didn't validate the entire string, because thats not possible with the check numbers involved - only the card issuer or the payment networks can actually tell you if its a valid card number and they wouldn't tell you unless you tried to present the card. You can have a card number which validates as a card type, and internally validates as a correctly formed number, but those checks

    • I love Slashdot! A posting about how 360 exposed credit card details is _finally_ posted, but it's in defense of Microsoft. And the third comment down is saying Sony is just as bad. Keep up the great work, everyone!
  • by Anonymous Coward

    I've been hit twice by fraudulent charges relating to XBox accounts on my CC. The common denominator in both cases was using this particular card at the same gas station in Panama City, FL.

    In both cases, several XBox accounts were charged to my card. Microsoft for whatever reason cannot reverse the charges - they actually instruct you to file a complaint with the CC (and in both cases the charges were reversed).

    I don't even own an XBox and convincing both MS and the CC of this fact is very difficult.

    • I can see why that's aggravating, but it makes sense. Your CC company can follow up on fraud by deactivating the old card, issuing a new one, reversing certain charges as fraudulent and watching for activity on the stolen one. If Microsoft does it, it's just a reversed charge on a compromised account.

    • That was the gas station being compromised, not Xboxes.
  • by Anonymous Coward

    oh wait this about xbox isn't it

  • by Anonymous Coward

    Remember MS-12-020:

    Microsoft’s Security Research and Defense Blog stated that they expected to see exploit code in the wild within 30 days according to a quote from their recent blog post addressing the flaws: ”During our investigation, we determined that this vulnerability is directly exploitable for code execution. Developing a working exploit will not be trivial – we would be surprised to see one developed in the next few days. However, we expect to see working exploit code developed w

    • by geraud ( 932452 )
      In the infosec community, triggering a BSOD is considered a PoC, a working exploit means arbitrary code execution. AFAIK there is no public working exploit for MS12-020 atm.
  • This is the standard boilerplate reply from almost any organization that has been publicly exposed as being compromised. They'll continue to tell the world it's the most minor, harmless possible case until lolsec, wikileaks, etc posts a dump of 10k credit cards or something, and only then will they begin to admit the actual scale of the breach.

    In addition to laws that punish groups for being negligent in their security of private data, I'd like to see additional punishments passed out to companies that out

    • by tibit ( 1762298 )

      Tread carefully there, because the corporation often has a fiduciary duty to it shareholders, too. It's a fine line between being charged of negligence in disclosure due to insufficiency of the same, vs. being sued for negligence in disclosure due to possible customer backlash and financial loss.

      • by v1 ( 525388 )

        It's a fine line between being charged of negligence in disclosure due to insufficiency of the same, vs. being sued for negligence in disclosure due to possible customer backlash and financial loss.

        Horse has already left, too late to close the barn door. They had a "fiduciary duty to it shareholders", which they failed at by allowing the breach. They already screwed up and through their negligence damaged the company brand, stock prices, customer goodwill, etc. The responsible behavior of disclosing the

  • by Anonymous Coward

    After seeing the original article I tried finding my own credit card number on my xbox hard disk. Through a search of the entire hard disk not even the first 4 digits of my credit card were found, which is part of the issuer identification number. http://en.wikipedia.org/wiki/List_of_Issuer_Identification_Numbers

    Additionally- the article that put this scare on found a number that matched the issuer identification number for a Discover card issued by Bank of America. Microsoft doesn't even take Discover car

  • I think they should be applauded, for using the word "unlikely" instead of "inconceivable".

  • Really, who cares? Here is what happens with credit card number fraud. It is used once or twice, the bank catches it early because they watch for unusual spending patterns, sometimes even the vendor does (at places like jewelry or electronics merchants where fraud is more common, and insurance against theft becomes expensive), they expire the number and reissue you a card. The vendor gets reimbursed from insurance against theft. Sometimes you get a phone call, asking if it's really you, based on contact inf

    • by tibit ( 1762298 )

      "sending your daughter expectant mother mailers" -- how is that bad? Isn't it a successful use of technology? I'd love to get targeted marketing instead of getting all the usual irrelevant junk that seems nothing more but a waste of resources. Last year I've got about 40lbs of paper junk mail :(

    • What if it isn't unusual spending patterns, though? Let's say my xbox redrings, so I sell it on ebay and buy another. Then the person I sold it to fixes it, grabs my credit card number and goes on a 360 game buying spree. It isn't rare for my family to go on 360 game buying sprees, across multiple accounts and even multiple IPs. So it wouldn't be noticed quickly.
      • Suffice it to say that banks are a bit (nay, a lot) smarter than that. They'll never tell you how their fraud detection systems work, but it can be safely said that they use more factors than just IP address and merchant.

        • So you're saying that someone can have the exact same spending patterns as I do, yet somehow it will be detected as fraud. Sorry, but I find that a bit hard to believe.
          • It's more complex than that. The slightest deviation may be enough to trigger the watchful eye of an actual human, and the statistical possibility of someone having the exact same pattern as you is close to zero. Even something as odd as the person buying a game at 3:15pm when the bank usually sees a purchase at the local coffee shop at 3:15pm would likely be enough to raise an orange flag.

            • I think it is highly likely someone that steals credit card numbers in this fashion would do nothing with the card number except buy games - which is pretty much all I do. I go to the local coffee shop so rarely that they should be watching when I do; yet I have not yet had them cancel my card after I have done so.
  • It surprises me that so many people actually enter their CC info into their XBox.

    Shucks, if it weren't for nice, anonymous, paid-for-by-cash MS Points cards, I wouldn't have any DLC on my box at all...similar to nice, anonymous Visa gift cards for Android Market (sorry, Play) purchases...and nice, anonymous iTunes gift cards for (shudder) iTunes* purchases.

    * living in Canada sucks sometimes...we're so close yet at the same time so far from being able to buy digital content from the myriad of vendors availab

    • Sounds like a VPN proxy in the US would do a lot of the things you want. You can get pretty decent ones with very little drop in bandwidth and very little added latency for about $8/month.

      • Sounds like a VPN proxy in the US would do a lot of the things you want. You can get pretty decent ones with very little drop in bandwidth and very little added latency for about $8/month.

        Yess...and a decent torrent client can get even more of what I want with no added charge per month :) I simply want to 'play by the rules' and reward the artists I enjoy for creating great content, it just frustrates me that there is no 'legal' means for me to send my business where I would prefer. It's like they don't want my money...sure, it's colourful, but it spends pretty darn good up here!

  • How terribly convenient that, in December of last year, Microsoft jammed a new Xbox service "agreement" down everyone's throat where you "agree" to never sue Microsoft, either as an individual or as a member of a class, and instead "agree" to resolve all disputes via "neutral" arbitration.

    It seems they saw Sony get its pants yanked down to its ankles, and all the consequent lawsuits, and thought to themselves, "We could apply the stunning engineering talent we've always claimed to have in this company to

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...