Xbox360.com had phishing vulnerability

Posted on Wednesday, May 25 2005 @ 19:26 CEST by Thomas De Maesschalck
Finjan Software, the leading provider of Internet security solutions for businesses of all sizes, informed Microsoft last week of a cross-site scripting vulnerability on its www.xbox360.com website.

"Finjan's Malicious Code Research Center (MCRC) is fully dedicated to the research of new trends in Internet security and the detection of vulnerabilities that could lead to potential malicious attacks," stated Shlomo Touboul, CEO and founder of Finjan Software. "This discovery is another example of our cooperation with Microsoft and other leading software vendors to fix vulnerabilities before they are exploited by the hacking community."

The cross-site scripting vulnerability could potentially be exploited to gather personal and confidential information (email address, home address, credit card number, etc.) from innocent consumers wishing to pre-order Microsoft's new gaming console. This type of malicious exploit is commonly known as "phishing".

On Thursday, May 19th 2005, Finjan provided Microsoft with full technical details, including a proof of concept, concerning the vulnerability in order to assist Microsoft with the fix. Within 12 hours of Finjan's report, Microsoft completed the fix on its website, which is no longer exposed to this specific vulnerability.


About the Author

Thomas De Maesschalck

Thomas has been messing with computers since early childhood and firmly believes the Internet is the best thing since sliced bread. He enjoys playing with new tech, is fascinated by science, and is passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.


