IoT
News
News
5/25/2005
02:31 PM
50%
50%
RELATED EVENTS
The Analytics Job and Salary Outlook for 2016
Jan 28, 2016
With data science and big data top-of-mind for all types of organizations, hiring analytics profes ...Read More>>

Microsoft Fixes Flaw in Xbox Web Site

A security company often at odds with Microsoft said Wednesday it had identified a vulnerability in the Redmond, Wash.-based developer's Xbox Web site that could be used by phishers to shanghai personal information.

A security company often at odds with Microsoft said Wednesday it had identified a vulnerability in the Redmond, Wash.-based developer's Xbox Web site that could be used by phishers to shanghai personal information.

The bug, called a "cross-scripting" vulnerability, affected Microsoft's Xbox 360 site, where gamers can get a sneak peak at the upcoming console's features. According to Finjan Software, the vulnerability could let phishers harvest such things as e-mail addresses and credit card numbers.

Finjan told Microsoft of its findings last week; Microsoft quickly modified the site to eliminate the vulnerability.

"This discovery is another example of our cooperation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community," said Shlomo Touboul, Finjan's chief executive in a statement.

That conciliatory tone is at odds with past blow-ups between Finjan and Microsoft. Last November, for instance, Finjan claimed that Windows XP SP2 had 10 unpatched vulnerabilities, and Microsoft responded by calling the San Jose, Calif.-based security firm's claims "potentially misleading and possibly erroneous."

At the time, a Microsoft spokesperson said "We encourages Finjan to abide by the principles of responsible disclosure and to decline to provide further comment or details on the alleged vulnerabilities until Microsoft is able to complete its investigation and can respond."

Microsoft officials have been relentless in their criticism of security researchers whom they think prematurely disclose vulnerability information.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
How to Knock Down Barriers to Effective Risk Management
Risk management today is a hodgepodge of systems, siloed approaches, and poor data collection practices. That isn't how it should be.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.