May 25, 2005 11:39 AM PDT
Microsoft plugs phishing hole in Xbox site
Security company Finjan Software said that it notified the software maker of the issue last week and that Microsoft patched its site within 12 hours. The flaw was what is known as a cross-site scripting vulnerability, which could have been exploited by hackers to gather credit card data and other personal information from people looking to get more information about the new game console.
"This discovery is another example of our cooperation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community," Finjan CEO Shlomo Touboul said in a statement.
A Microsoft representative confirmed that Finjan reported the bug and that the two companies worked to close the security hole. The representative said Microsoft is not aware of any attacks that exploited the vulnerability.
Earlier this year, Microsoft and Finjan became embroiled in a disagreement over the timing of flaw disclosure. The software giant criticized the San Jose, Calif.-based company for posting "proof of concept" code to exploit a security hole on the same day Microsoft released a patch.
Microsoft announced its plans for the second-generation Xbox earlier this month. The game player doesn't go on sale until the holiday shopping season, but the Xbox 360 Web site has gone live with some video clips, game previews and an option to sign up for updates.
3 commentsJoin the conversation! Add your comment