Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • PC Hardware

    Microsoft Plugs Phishing Hole on Xbox360 Site

    Written by

    Ryan Naraine
    Published May 25, 2005
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Microsoft has applied an update to its Xbox360.com Web site to address a cross-site scripting vulnerability that could have been exploited by phishers to snag sensitive personal information from online gamers.

      The flaw was discovered by San Jose, Calif.-based IT security services firm Finjan Software Ltd. and fixed within 12 hours.

      Finjan did not publicly release details of the vulnerability, which the company said could potentially be exploited to hijack e-mail addresses, home addresses, credit card numbers and other confidential information from customers that pre-ordered the brand-new game console.

      The company said in a statement that on May 19 it provided Microsoft with “full technical details, including proof-of-concept, concerning the vulnerability, in order to assist Microsoft with the fix,” the company said in a statement.

      Finjan confirmed that the Web site, which makes heavy use of Flash technology, is no longer exposed to the scripting flaw.

      Microsoft uses the Xbox360.com site to provide information to consumers about the Xbox gaming system. It also serves as an extension of the Xbox Live subscription service and requires users to provide personal information, including credit card data, to create accounts and make online purchases.

      /zimages/4/28571.gifClick here to read anti-phishing protection tips from contributing editor David Coursey.

      The site uses the Microsoft .Net Passport service to provide registration and sign-in services.

      Separately, security-alerts aggregator Secunia has raised the alert for a “moderately critical” denial-of-service flaw in “Halo: Combat Evolved,” a popular PC game developed by Bungie Studios and published by Microsoft Games.

      The vulnerability, which affects version 1.06 and Custom Edition 1.00, is caused by an error in communication handling.

      /zimages/4/28571.gifRead more here about Microsofts new Xbox.

      “This can be exploited to cause a vulnerable service to enter an infinite loop and consume a large amount of CPU resources by sending a specially crafted UDP [User Datagram Protocol] datagram to the server,” Secunia warned.

      A detailed advisory has been published by Luigi Auriemma, the security researcher that discovered the “Halo: Combat Evolved” bug.

      In the absence of a fix, Secunia recommends that games be hosted on a trusted network only.

      /zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Ryan Naraine
      Ryan Naraine

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×