'Month of bugs' pins bull's-eye on Google, Yahoo
Search engines are the focus of a bugfest that begins June 1
Computerworld - Yet another month-long round of daily bugs cranks up June 1, a Ukrainian researcher announced yesterday. This time, the target will be search engines such as Google, Yahoo, MSN and Ask.com.
Tagged with the copycat "Month of Search Engines Bugs" moniker, this latest bug-a-day campaign follows Month of Browser Bugs (July 2006), Month of Apple Bugs (January 2007), the turned-out-to-be-bogus Month of MySpace Bugs (April 2007) and May's Month of ActiveX Bugs.
"Purpose of this Month of Bugs is a demonstration of [the] real state with security in search engines, which are the most popular sites in Internet," the researcher identified only as "MustLive" explained. "To let users of search engines and [the] Web community as a whole to understand all risks, which search engines bring to them. And also to draw attention of search engines' owners to security issues of their sites." The entry was in both English and Russian.
MustLive promised cross-site scripting vulnerabilities would be the month's focus, and multiple search sites' flaws would be disclosed. Every day we'll publish vulnerabilities in different engines, said MustLive. Or, as it was originally posted online: "Everyday will be publish vulnerabilities in different engines."
Although some security analysts have blasted "Month of..." projects as publicity stunts, several of the campaigns -- notably January's Apple bugs rodeo -- have resulted in updated software. According to McAfee Inc.'s Kevin Beets, several of the "Month of..." runs have produced patches. More than two-thirds of the 31 Apple flaws made public, for instance, were fixed. "It does appear that vendors are taking notice of this format," Beets said on McAfee's Avert Labs blog. "Whether you love 'em or hate 'em, it looks like the 'Month-of' projects are having an impact on the vulnerability landscape."
The Month of Search Engines Bugs will kick off at this URL.
Read more about Security in Computerworld's Security Topic Center.
- Learn More About Peer 1 Hosting's Mission Critical Cloud Mission Critical Cloud from Peer 1 Hosting is enterprise-ready, creating a perfect point of adoption whether you need an off-premise solution for development
- What Makes a Cloud Solution Truly Enterprise-Grade? Future enterprise cloud capabilities will evolve from five core elements...
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade.
- Peer 1's Mission Critical Cloud: Your Cloud, Your Way Peer 1 Hosting's Mission Critical Cloud offers the ultimate in flexible customization of infrastructure, resources and support. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!