Month of Bugs

A Ukranian hacker known as “MustLive” has announced plans for a Month of Search Engine Bugs project in June 2007.

The purpose of this Month of Bugs is a demonstration of real state with security in search engines, which are the most popular sites in Internet. To let users of search engines and web community as a whole to understand all risks, which search engines bring to them. And also to draw attention of search engines’ owners to security issues of their sites.

The plan is to shake out cross-site scripting bugs in the most popular search engines (think Google, Yahoo, MSN, and publish details on these flaws.

Cross-site scripting vulnerabilities are widely considered the low hanging fruit in security research circles but, when combined with other unpatched holes, they can be valuable to an attacker.

This latest project, although less technical than previous efforts, should not be dismissed. As we know, these “month-of-bugs” initiatives get positive results — flaws get fixed — and that’s always a good thing.