Phishing flaw catches Xbox 360 site

Microsoft has patched a potentially dangerous flaw on its www.xbox360.com website after security experts warned the software giant of a cross-site scripting vulnerability which could be exploited by hackers to launch phishing attacks.

The vulnerability could be used by web criminals to gather personal and confidential information, such as email address, home address and credit card number, from innocent consumers wishing to pre-order Microsoft's forthcoming gaming console.

IT security firm Finjan Software said that it provided Microsoft with full technical details on 19 May, including a proof of concept, in order to assist the company with the fix.

Within 12 hours of Finjan's report, Microsoft had removed the flaw from its website, which is no longer exposed to this specific vulnerability.

Shlomo Touboul, chief executive and founder of Finjan Software, said: "This discovery is another example of our co-operation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community."
