'Month of bugs' pins bull's-eye on Google, Yahoo
Search engines are the focus of a bugfest that begins June 1
Computerworld - Yet another month-long round of daily bugs cranks up June 1, a Ukrainian researcher announced yesterday. This time, the target will be search engines such as Google, Yahoo, MSN and Ask.com.
Tagged with the copycat "Month of Search Engines Bugs" moniker, this latest bug-a-day campaign follows Month of Browser Bugs (July 2006), Month of Apple Bugs (January 2007), the turned-out-to-be-bogus Month of MySpace Bugs (April 2007) and May's Month of ActiveX Bugs.
"Purpose of this Month of Bugs is a demonstration of [the] real state with security in search engines, which are the most popular sites in Internet," the researcher identified only as "MustLive" explained. "To let users of search engines and [the] Web community as a whole to understand all risks, which search engines bring to them. And also to draw attention of search engines' owners to security issues of their sites." The entry was in both English and Russian.
MustLive promised cross-site scripting vulnerabilities would be the month's focus, and multiple search sites' flaws would be disclosed. Every day we'll publish vulnerabilities in different engines, said MustLive. Or, as it was originally posted online: "Everyday will be publish vulnerabilities in different engines."
Although some security analysts have blasted "Month of..." projects as publicity stunts, several of the campaigns -- notably January's Apple bugs rodeo -- have resulted in updated software. According to McAfee Inc.'s Kevin Beets, several of the "Month of..." runs have produced patches. More than two-thirds of the 31 Apple flaws made public, for instance, were fixed. "It does appear that vendors are taking notice of this format," Beets said on McAfee's Avert Labs blog. "Whether you love 'em or hate 'em, it looks like the 'Month-of' projects are having an impact on the vulnerability landscape."
The Month of Search Engines Bugs will kick off at this URL.
Read more about Security in Computerworld's Security Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!