Language Selection

English French German Italian Portuguese Spanish

Phishing flaw catches Xbox 360 site

Filed under
Microsoft
Security

Microsoft has patched a potentially dangerous flaw on its www.xbox360.com website after security experts warned the software giant of a cross-site scripting vulnerability which could be exploited by hackers to launch phishing attacks.

The vulnerability could be used by web criminals to gather personal and confidential information, such as email address, home address and credit card number, from innocent consumers wishing to pre-order Microsoft's forthcoming gaming console.

IT security firm Finjan Software said that it provided Microsoft with full technical details on 19 May, including proof-of-concept, in order to assist the company with the fix.

Within 12 hours of Finjan's report Microsoft had removed the flaw from its website, which is no longer exposed to this specific vulnerability.

Shlomo Touboul, chief executive and founder of Finjan Software, said: "This discovery is another example of our co-operation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community."

Source.

More in Tux Machines

Linux Gaming For Older/Lower-End Graphics Cards In 2018

A request came in this week to look at how low-end and older graphics cards are performing with current generation Linux games on OpenGL and Vulkan. With ten older/lower-end NVIDIA GeForce and AMD Radeon graphics cards, here is a look at their performance with a variety of native Linux games atop Ubuntu using the latest Radeon and NVIDIA drivers. Read more Also: Wine 3.0 open-source compatibility layer now available

Red Hat Patch Warning

  • We Didn't Pull CPU Microcode Update to Pass the Buck
  • Red Hat Will Revert Spectre Patches After Receiving Reports of Boot Issues
    Red Hat is releasing updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot. "Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday. "The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd," Red Had added.

Android Leftovers

Security: Updates, SOS Fund, IR, ME, and WPA

  • Security updates for Friday
  • Seeking SOS Fund Projects
    I’m spending some time over the next few days looking for the next round of projects which might benefit from an SOS Fund security audit.
  • Strong Incident Response Starts with Careful Preparation
    Through working every day with organizations’ incident response (IR) teams, I am confronted with the entire spectrum of operational maturity. However, even in the companies with robust IR functions, the rapidly evolving threat landscape, constantly changing best practices, and surplus of available tools make it easy to overlook important steps during planning. As a result, by the time an incident occurs, it’s too late to improve their foundational procedures.
  • The Intel Management Engine: an attack on computer users' freedom
    Over time, Intel imposed the Management Engine on all Intel computers, removed the ability for computer users and manufacturers to disable it, and extended its control over the computer to nearly 100%. It even has access to the main computer's memory.
  • What Is WPA3, and When Will I Get It On My Wi-Fi?
    WPA2 is a security standard that governs what happens when you connect to a closed Wi-Fi network using a password. WPA2 defines the protocol a router and Wi-Fi client devices use to perform the “handshake” that allows them to securely connect and how they communicate. Unlike the original WPA standard, WPA2 requires implementation of strong AES encryption that is much more difficult to crack. This encryption ensures that a Wi-Fi access point (like a router) and a Wi-Fi client (like a laptop or phone) can communicate wirelessly without their traffic being snooped on.