IoT
News
News
5/25/2005
02:31 PM
50%
50%

Microsoft Fixes Flaw in Xbox Web Site

A security company often at odds with Microsoft said Wednesday it had identified a vulnerability in the Redmond, Wash.-based developer's Xbox Web site that could be used by phishers to shanghai personal information.

A security company often at odds with Microsoft said Wednesday it had identified a vulnerability in the Redmond, Wash.-based developer's Xbox Web site that could be used by phishers to shanghai personal information.

The bug, called a "cross-scripting" vulnerability, affected Microsoft's Xbox 360 site, where gamers can get a sneak peak at the upcoming console's features. According to Finjan Software, the vulnerability could let phishers harvest such things as e-mail addresses and credit card numbers.

Finjan told Microsoft of its findings last week; Microsoft quickly modified the site to eliminate the vulnerability.

"This discovery is another example of our cooperation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community," said Shlomo Touboul, Finjan's chief executive in a statement.

That conciliatory tone is at odds with past blow-ups between Finjan and Microsoft. Last November, for instance, Finjan claimed that Windows XP SP2 had 10 unpatched vulnerabilities, and Microsoft responded by calling the San Jose, Calif.-based security firm's claims "potentially misleading and possibly erroneous."

At the time, a Microsoft spokesperson said "We encourages Finjan to abide by the principles of responsible disclosure and to decline to provide further comment or details on the alleged vulnerabilities until Microsoft is able to complete its investigation and can respond."

Microsoft officials have been relentless in their criticism of security researchers whom they think prematurely disclose vulnerability information.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of July 24, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.