Language Selection

English French German Italian Portuguese Spanish

Phishing flaw catches Xbox 360 site

Filed under
Microsoft
Security

Microsoft has patched a potentially dangerous flaw on its www.xbox360.com website after security experts warned the software giant of a cross-site scripting vulnerability which could be exploited by hackers to launch phishing attacks.

The vulnerability could be used by web criminals to gather personal and confidential information, such as email address, home address and credit card number, from innocent consumers wishing to pre-order Microsoft's forthcoming gaming console.

IT security firm Finjan Software said that it provided Microsoft with full technical details on 19 May, including proof-of-concept, in order to assist the company with the fix.

Within 12 hours of Finjan's report Microsoft had removed the flaw from its website, which is no longer exposed to this specific vulnerability.

Shlomo Touboul, chief executive and founder of Finjan Software, said: "This discovery is another example of our co-operation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community."

Source.

More in Tux Machines

SolydX 201411 Is a Rolling Release Alternative to Linux Mint Debian Xfce

SolydX, a Debian-based distribution that features the Xfce desktop environment and uses a rolling release model, is now at version 201411 and is ready for download. Read more

Linux-Based Beautiful Jolla Tablet Registers Fantastic Success on Indigogo

Jolla is a new tablet developed by a team of people who used to work for Nokia and it's powered by a Linux-driver operating system called Sailfish OS. The recently launched crowdfunding campaign has surpassed any expectations. Read more

WordPress 4.0.1 Updates Millions of Sites for 8 Flaws

Millions of open-source WordPress site owners received email notifications over the last 24 hours advising them of a site update. The new WordPress 4.0.1 update provides multiple security fixes and data-hardening improvements to help secure WordPress sites. The WordPress 4.0.1 update is the first incremental update for WordPress since the 4.0 release in September. The 4.0.1 update provides 23 bug fixes and an additional 8 security vulnerability fixes. Read more

V2 Of KDBUS Published For Linux Kernel Review

The second revision to the Linux kernel based D-Bus implementation is now available for review. Greg Kroah-Hartman on Thursday night posted the "v2" revision of the KDBUS implementation for providing the kernel with a new IPC implementation that resembles the existing user-space D-Bus daemon while adding extra features. Among the changes in this revision to KDBUS are exposing its control files and other information via a new kdbusfs file-system, KDBUS expects to be mounted to /sys/fs/kdbus, a new KDBUS domain is created for each time kdbusfs is mounted, and various other low-level changes. More details via the patch-set series. It's not clear yet whether KDBUS will be ready for merging in the Linux 3.19 kernel or will be held off until Linux 3.20 or longer. Read more