'Month of bugs' pins bull's-eye on Google, Yahoo
Search engines are the focus of a bugfest that begins June 1
Computerworld - Yet another month-long round of daily bugs cranks up June 1, a Ukrainian researcher announced yesterday. This time, the target will be search engines such as Google, Yahoo, MSN and Ask.com.
Tagged with the copycat "Month of Search Engines Bugs" moniker, this latest bug-a-day campaign follows Month of Browser Bugs (July 2006), Month of Apple Bugs (January 2007), the turned-out-to-be-bogus Month of MySpace Bugs (April 2007) and May's Month of ActiveX Bugs.
"Purpose of this Month of Bugs is a demonstration of [the] real state with security in search engines, which are the most popular sites in Internet," the researcher identified only as "MustLive" explained. "To let users of search engines and [the] Web community as a whole to understand all risks, which search engines bring to them. And also to draw attention of search engines' owners to security issues of their sites." The entry was in both English and Russian.
MustLive promised cross-site scripting vulnerabilities would be the month's focus, and multiple search sites' flaws would be disclosed. Every day we'll publish vulnerabilities in different engines, said MustLive. Or, as it was originally posted online: "Everyday will be publish vulnerabilities in different engines."
Although some security analysts have blasted "Month of..." projects as publicity stunts, several of the campaigns -- notably January's Apple bugs rodeo -- have resulted in updated software. According to McAfee Inc.'s Kevin Beets, several of the "Month of..." runs have produced patches. More than two-thirds of the 31 Apple flaws made public, for instance, were fixed. "It does appear that vendors are taking notice of this format," Beets said on McAfee's Avert Labs blog. "Whether you love 'em or hate 'em, it looks like the 'Month-of' projects are having an impact on the vulnerability landscape."
The Month of Search Engines Bugs will kick off at this URL.