Before launching into the setup of the X1, here are some of what we are interested in on this gaming platform:
- Facial recognition – What privacy concerns are involved with this feature and are there any problems with how it is implemented?
- Social media – Xbox Live Gold is a social network for gamers. What privacy concerns are here?
- Microphone and camera in your living room – The X1 microphone is always on and listening. I’m not sure what the state of the camera is while the X1 is off. How could this be abused? Can some creep turn on recording of what’s going on and access it some how?
- Implementation flaws – Are there any security problems with the way the X1 has its features implemented? Is data in the clear that shouldn’t be?
- -i = Interface to capture on
- -nn = Don’t convert addresses, protocol and port numbers etc. to names
- -vv = Even more verbose output.
- -X = When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.
- -S = Print absolute, rather than relative, TCP sequence numbers
- -s = Snarf snaplen bytes of data from each packet rather than the default of 65535 bytes. I set this to 0 to capture a data available in each packet.
- -w = Write the captured data out to a file rather than displaying to standard out.
Jason Wood is a Senior Security Consultant at Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at firstname.lastname@example.org or visit the Secure Ideas – Professionally Evil site for services provided.