Month of Search Engines Bugs

23:50 15.05.2007

The time has come for announcement of my new project - Month of Search Engines Bugs. This project will start next month. So June is a month of bugs in search engines ;-) .

The purpose of this Month of Bugs is to demonstrate the real state of security in search engines, which are the most popular sites on Internet. I will help search engines users and the web community as a whole understand all risks that search engines bring to them. I’ll also make search engines’ owners aware of the security issues of their sites.

During the month, each day I will publish vulnerabilities in the most popular search engines of the world. Cross-Site Scripting vulnerabilities will be focused on in particular. Each day I will publish vulnerabilities in different engines (minimum one publication at a time, and there will also be bonus publications).

Address of the project: http://websecurity.com.ua/category/moseb/

Additional information about the project and its rules will be published at the end of this month. June will be the hot month.


7 відповідей на “Month of Search Engines Bugs”

  1. GiZmo каже:

    Rock on dude!

  2. t4c каже:

    I’m very excited…

  3. Sara каже:

    Hey MustLive. Absolutely, finding vulnerabilities in search engines is important to the greater security of the Internet.

    But is this exactly legal?

    Web researchers need to be VERY careful, because any research you do happens on the site owner’s server…which, by American and British law, at least, is basically illegal.

    I know that Google has a fairly open relationship with Web researchers. And I know Johnny Long talks about “Google hacking,” but he’s not hacking google really; just using google to turn up info in other insecure sites.

    So, how exactly are you doing this without getting in trouble?

  4. MustLive каже:

    Sara

    Thanks for your post and for your interest to my project. And it is good that you see that my security related work is important for security of whole Internet. It is what I’m trying to explain for every owner of the site with vulnerabilities. And it is all about my work of social security audit which I do everyday.

    About legality of my work.

    Sometimes people ask me about legality of my work. And on this question I can only answer that it is legal. All my work is in legislative field of my country - I am exceptionally in the law of Ukraine. And mainly I don’t break the law of almost all counties in the world (some questions can be in case of UK, but as I know not in US). But in case I am citizen of Ukraine, I am located in legislative field of my own country (so restrictions of other countries’ laws are not extend on me). Sara don’t worry, I’m law-abiding citizen (of Ukraine).

    And no need to worry, I’ll not get in troubles. But we will see what will people decide about one or another search engine after my project ;-) . SE can get in troubles when they don’t care about security, because internet community needs secure engines.

    So I am a careful web researcher and I am very carefully working on improving Internet security. I’m caring for security in contrast to search engine vendors, which mostly didn’t take care of security.

    In case of legality you need to come to this from other side. Are SE vendors doing legal if they make their site with full of holes and expose their visitors to danger? They are not! That is mine question and problem - the legality of holed search engines. So you need to go and ask them about their legality status.

    Just imagine that people (after my MOSEB will start) in USA decide to bring an action (to court) against some of the search engines from my project. Which were exposed them (visitors) to danger. And look at one more side: SE vendors talking that they take care of their security (and they are hardly working on it). But that is not true (in most cases) - because SE sites have a lot of holes (that you will see in June). So I’ll open the truth for the people, for internet community.

  5. Gucio каже:

    You will write this articles in English, yes?

  6. MustLive каже:

    Gucio

    Yes, I will. In MOSEB I’ll write all articles in English and Ukrainian.

  7. MustLive каже:

    I published detailed description of Month of Search Engines Bugs project.

Leave a Reply

You must be logged in to post a comment.