San Jose, CA ñ Finjan Software, provider of Internet security solutions for businesses of all sizes, informed Microsoft last week of a cross site scripting vulnerability on its www.xbox360.com website.
ìFinjanís Malicious Code Research Center (MCRC) is fully dedicated to the research of new trends in Internet security and the detection of vulnerabilities that could lead to potential malicious attacks,î stated Shlomo Touboul, CEO and founder of Finjan Software. ìThis discovery is another example of our cooperation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community.î
The cross site scripting vulnerability could be potentially exploited to gather personal and confidential information (email address, home address, credit card number, etc.) from innocent consumers wishing to pre-order Microsoftís new gaming console. This type of malicious exploit is
commonly known as ìPhishingî.
On Thursday, May 19 th 2005, Finjan provided Microsoft with full technical details, including proof-of-concept, concerning the vulnerability in order to assist Microsoft with the fix. Within 12 hours of Finjanís report, Microsoft completed the fix on its website, which is no longer exposed to this specific vulnerability.
Finjan Identifies Security Vulnerability on Microsofts Xbox360 Website
.
