May 25, 2005 11:39 AM PDT

Microsoft plugs phishing hole in Xbox site

Microsoft has patched a flaw in its Xbox 360 Web site that researchers say could have opened the door to a phishing attack.

Security company Finjan Software said that it notified the software maker of the issue last week and that Microsoft patched its site within 12 hours. The flaw was what is known as a cross-site scripting vulnerability, which could have been exploited by hackers to gather credit card data and other personal information from people looking to get more information about the new game console.

"This discovery is another example of our cooperation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community," Finjan CEO Shlomo Touboul said in a statement.

A Microsoft representative confirmed that Finjan reported the bug and that the two companies worked to close the security hole. The representative said Microsoft is not aware of any attacks that exploited the vulnerability.

Earlier this year, Microsoft and Finjan became embroiled in a disagreement over the timing of flaw disclosure. The software giant criticized the San Jose, Calif.-based company for posting "proof of concept" code to exploit a security hole on the same day Microsoft released a patch.

Microsoft announced its plans for the second-generation Xbox earlier this month. The game player doesn't go on sale until the holiday shopping season, but the Xbox 360 Web site has gone live with some video clips, game previews and an option to sign up for updates.


Join the conversation!
Are all these little news articles
about security really necessary? It seems like 20% of Cnet "news" articles are about some offbeat security hole. This time, the Xbox360 site.
Posted by bobby_brady (765 comments )
Perhaps CNET should just have a daily/weekly list of found/fixed security issues with links for extra details. (Yes I am serious.)
Posted by Andrew J Glina (1673 comments )
The Opensource way
Microsoft did what opensource boasts of. Patching a website in 12 hours, that is of course very fast.
Maybe *big* isn't always slow.
Posted by (29 comments )
