Language Selection

English French German Italian Portuguese Spanish

Phishing flaw catches Xbox 360 site

Filed under
Microsoft
Security

Microsoft has patched a potentially dangerous flaw on its www.xbox360.com website after security experts warned the software giant of a cross-site scripting vulnerability which could be exploited by hackers to launch phishing attacks.

The vulnerability could be used by web criminals to gather personal and confidential information, such as email address, home address and credit card number, from innocent consumers wishing to pre-order Microsoft's forthcoming gaming console.

IT security firm Finjan Software said that it provided Microsoft with full technical details on 19 May, including proof-of-concept, in order to assist the company with the fix.

Within 12 hours of Finjan's report Microsoft had removed the flaw from its website, which is no longer exposed to this specific vulnerability.

Shlomo Touboul, chief executive and founder of Finjan Software, said: "This discovery is another example of our co-operation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community."

Source.

More in Tux Machines

Has The Sky Fallen? Qualcomm Contributes To Freedreno's DRM/KMS Driver

In an interesting change of events, Code Aurora on the behalf of the Qualcomm Innovation Center has added Adreno A4xx product support to the Freedreno-spawned DRM/KMS "MSM" driver. Rob Clark started the Freedreno project over two years ago as a reverse-engineered project around Qualcomm's Adreno hardware. At the time Rob was working for Texas Instruments but now is employed by Red Hat. The Freedreno driver has largely been developed just by Rob with contributions by a few others, but without any official support from Qualcomm. Freedreno is to Adreno hardware as Nouveau is to NVIDIA hardware. Like Nouveau, Rob developed Freedreno code through clean-room reverse engineering. Read more

New Projects from the Ever-Protean World of Open Source

In my previous column, I pointed out that free software was now so successful, and in so many fields, that people might wonder whether there's anything left to do. The question was rhetorical, of course, of course: the ingenuity of the open source community means that people there will always find new and exciting projects. And not just the big one that I suggested of baking strong crypto into all our communication tools. There are countless other novel uses for open source, as these three very different examples below indicate. Read more

Microsoft 'loves' Linux? Then stop attacking open source

According to Satya Nadella, Microsoft loves Linux. He said as much, complete with pictures -- and his team backs him up. In itself, it's a remarkable statement. Nadella's predecessor, Steve Ballmer, described open source in the darkest terms, characterizing it (with the GNU GPL) as a commercial cancer and never retracting the slur. In many ways, that dark prophecy has come true for Microsoft, which has seen its rent-seeking business model steadily eroded by open source. Though it still has a cash cow to milk, Microsoft's monopolies no longer frighten anyone. Read more

Window and Desktop Switcher moved to Look’n’Feel Package

Today we did an important change in how KWin will distribute its assets in the upcoming 5.2 release. When we started our thoughts about the Look’n’Feel Package and how we want to have meta themes for the complete Plasma workspace we also wanted to have this for the Window and Desktop switcher provided by KWin. So the structure of the Look’n’Feel Package already has all the pieces for including the Window and Desktop Switcher, but it was not used. Now we finally addressed this for the 5.2 release and moved the default switcher into the Look’n’Feel Package and KWin can locate the switchers from the Look’n’Feel Package. Read more