Yahoo and Google Watch Out! Here Comes the Month-of-Search-Engine-Bugs
Mustlive - an anonymous hacker - announced during the third week of May 2007 that the coming June would be featuring the next "month long" flaw disclosure project - a project dedicated to the bugs of search engines.
"This month-of-bugs' purpose is to demonstrate the actual state of safety in search engines that are arguably the most popular websites on the Web, as written by the Ukrainian scammer on his blog that Websecurity had published on May 15, 2007. The hacker went on to say that he wanted to allow search engines & web community users to understand the risks brought by search engines to them. Also, he wanted the owners of search engines to be more aware of the security issues concerning their websites.
During June, everyday flaws will be published in the most used search engines throughout the world, particularly the Cross Site Scripting flaws, as written by the hacker in his blog.
The "Month of Search-Engine-Bugs" project has received much of the criticism so far, with critics saying that the hackers need to report their flaw discoveries with the vendor, instead of posting them publicly. Until now, there've been "month long" initiatives for exposing browser, kernel, MySpace, Apple, ActivX, and PHP vulnerabilities.
Microsoft stands all set to address all the potential flaws that affect its MSN search-engine. However, the firm prompts assiduous disclosure of flaws for minimizing the risks to PC users, as told by a company spokesman to SCMagazine.com.
A spokesman from Google said that the Internet search engine giant keeps security as its top priority. The company incorporates security protection in to the overall process of product development and follows generally accepted best practices of the industry for vulnerability & incident response.
The organization encourages security researchers (those who find out security issues in Google products) for following assiduous disclosure practice as well as for contacting the firm (at firstname.lastname@example.org) before they precede with public release the details of that flaw, he further said.
During January this year, security researchers had discovered Google 'cross site scripting' flaw within a web hosting service. The vulnerability discovered to be on the server of the search engine lets the hackers to direct the user towards a Google URL and then pilfer their cookie information. This data lets the malevolent user to gain access to and alter the documents & spreadsheets of the user, and view the search history and email subjects.
Related article: Yahoo Gets “Yam”med by a Worm
» SPAMfighter News - 24-05-2007