Offshore Outsourcing will help you to reduce cost and enhance your productivity

Home About Us Services Partners Articles Classifieds Directory Contact Us
   
Offshoring
Outsourcing
BPO
Computers Networks
Internet
Operating Systems
Data Storage
Telecommunications
Programming
Software Engineering
Information Technology
Online Rights - Law
Business
E-Commerce
IT Outsourcing
Business Consulting
Finance & Accounting
Graphic Design
Web Services
Search Engine Optimization
Open Source
Hardware
Security
Others
Games

Month of bugs spotlight hits search engines

The purpose of this Month of Bugs is a demonstration of real state with security in search engines, which are the most popular sites in Internet. To let users of search engines and web community as a whole to understand all risks, which search engines bring to them. And also to draw attention of search engines’ owners to security issues of their sites.

The plan is to shake out cross-site scripting bugs in the most popular search engines (think Google, Yahoo, MSN, Ask.com) and publish details on these flaws.

Cross-site scripting vulnerabilities are widely considered the low hanging fruit in security research circles (see this list for some examples) but, when combined with other unpatched holes, they can be valuable to an attacker (see RSnake’s description of scenario that blends cross-site-scripting bugs into a targeted attack).

This latest project, although less technical than previous efforts, should not be dismissed. As we know, these “month-of-bugs” initiatives get positive results — flaws get fixed — and that’s always a good thing.

McAfee’s Kevin Beets dug deeper into results from previous “month-of-bugs” projects and found that a large number of holes are being fixed by the affected vendor.
Month of bugs getting results
Since July last year, there have been seven “month-of-bugs” project, highlighting unpatched flaws in browsers, operating system kernels, Apple’s Mac ecosystem, PHP, MySpace and ActiveX.