Microsoft plugs phishing hole in Xbox site

Flaw could have been used to prey on people interested in finding out more about the new 360 console.

Microsoft has patched a flaw in its Xbox 360 Web site that researchers say could have opened the door to a phishing attack.

Security company Finjan Software said that it notified the software maker of the issue last week and that Microsoft patched its site within 12 hours. The flaw was what is known as a cross-site scripting vulnerability, which could have been exploited by hackers to gather credit card data and other personal information from people looking to get more information about the new game console.

"This discovery is another example of our cooperation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community," Finjan CEO Shlomo Touboul said in a statement.

A Microsoft representative confirmed that Finjan reported the bug and that the two companies worked to close the security hole. The representative said Microsoft is not aware of any attacks that exploited the vulnerability.

Earlier this year, Microsoft and Finjan became embroiled in a disagreement over the timing of flaw disclosure. The software giant criticized the San Jose, Calif.-based company for posting "proof of concept" code to exploit a security hole on the same day Microsoft released a patch.

Microsoft announced its plans for the second-generation Xbox earlier this month. The game player doesn't go on sale until the holiday shopping season, but the Xbox 360 Web site has gone live with some video clips, game previews and an option to sign up for updates.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Details about Apple's 'spaceship' campus from the drone pilot who flies over it

MyithZ has one of the most popular aerial photography channels on YouTube. With the exception of revealing his identity, he is an open book as he shares with CNET's Brian Tong the drone hardware he uses to capture flyover shots of the construction of Apple's new campus, which looks remarkably like an alien craft.

by Brian Tong