Language Selection

English French German Italian Portuguese Spanish

Phishing flaw catches Xbox 360 site

Filed under
Microsoft
Security

Microsoft has patched a potentially dangerous flaw on its www.xbox360.com website after security experts warned the software giant of a cross-site scripting vulnerability which could be exploited by hackers to launch phishing attacks.

The vulnerability could be used by web criminals to gather personal and confidential information, such as email address, home address and credit card number, from innocent consumers wishing to pre-order Microsoft's forthcoming gaming console.

IT security firm Finjan Software said that it provided Microsoft with full technical details on 19 May, including proof-of-concept, in order to assist the company with the fix.

Within 12 hours of Finjan's report Microsoft had removed the flaw from its website, which is no longer exposed to this specific vulnerability.

Shlomo Touboul, chief executive and founder of Finjan Software, said: "This discovery is another example of our co-operation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community."

Source.

More in Tux Machines

today's leftovers

Linux Foundation and Linux

Leftovers: Software

  • ownCloud 9 Self-Hosting Cloud Server Now in Beta, Here's What's New for Users
    Today, Frank Karlitschek, founder, maintainer, and CTO of ownCloud, has teased users on Twitter with a download link for the first Beta build of the upcoming ownCloud 9 self-hosting cloud server.
  • Openshot Video Editor 2.0.6 Beta 3 Is a Massive Release
    Openshot is a video editor that features 3D animation, curve-based camera motion, compositing, transitions, audio mixing, vector titles, and many others features. A new beta build is now available for download and testing
  • Calibre eBook Reader and Editor Gets Better Sorting for Multiple eBooks
    A new version of the Calibre eBook editor, viewer, and converter is now out, and the developer has added a couple of new features and quite a few fixes.
  • News from mu
    I have been writing several posts about emacs but today I would like to specifically tell my readers about the nifty tool I use for email management, mu and its main component, mu4e. Just before I start, let me briefly remind a few things about email on emacs: there’s not a single tool to do everything around email. In fact, there’s quite a lot of different tools, related or not, that perform one job but does it quite well. As an example, there is one tool to fetch the emails from your IMAP servers, one tool to index them on your system, another one you could call an email client, but wait, here’s at least one more: a tool to compose and send emails. Sometimes, the tools are integrated with one another, sometimes they are not, but they are always a collection of disctinct parts.
  • Cockpit 0.95 Released
    Cockpit releases every week. Here are the highlights from 0.90 through 0.95.
  • Opera Browser Receives Buy Out Offer For $1.2 Billion USD
  • Opera Vows to Remain the Same After Chinese Buyout
    Opera Software revealed yesterday that a proposal to buy the company has been made by a Chinese consortium, and they are most likely going to accept it. The company is now trying to convince the community that it's a good thing.

today's howtos