XBox360 website went phishing

How the mighty are vulnerable

By Paul Hales

Wed May 25 2005, 15:02

MICROSOFT'S Xbox360 website had the lurgy.

Net security firm Finjan Software, said it informed Microsoft last week of a cross-site scripting vulnerability on the site which could potentially be exploited to gather personal and confidential information from visitors to the site.

The phishing routine could possibly scan details such as email address, home address, credit card number from consumers wishing to pre-order Microsoft's new gaming console, the firm said.

The firm said it handed Microsoft details of the vulnerability last Thursday, May 19th 2005.

The Vole was able to patch the hole within 12 hours, Finjan said. µ

L'INQs
www.xbox360.com
Finjan

Microsoft’s January Patch Tuesday fixes a critical Windows Media flaw Totals eight vulnerabilities Wednesday, 11 January 2012, 16:26 PM Read more	Newly patched Safari flaws pose serious risks A proof-of-concept remote code execution exploit is available Thursday, 13 October 2011, 11:26 AM Read more
Adobe patches critical vulnerabilities in Flash Player Attacks are already seen in the wild Thursday, 22 September 2011, 10:06 AM Read more	Wordpress blogs are at risk Hole found in a popular third-party script Wednesday, 3 August 2011, 15:11 PM Read more
Skype unclear whether it has patched Facebook vulnerability Claims ghostly update fixes everything Monday, 1 August 2011, 17:33 PM Read more	Facebook patches automatic wall posting XSS worm Targeted smartphones, spread like wildfire Wednesday, 30 March 2011, 13:51 PM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Functional Oracle HRMS Con

Functional Oracle HRMS cons...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

XBox360 website went phishing

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review