MOSEB Underway
The latest in a string of 'Month of X Bugs' projects is underway, with the 'Month of Search Engine Bugs' (MOSEB) commencing at the start of June. Five vulnerabilities have already been disclosed, starting with a number of XSS and redirector issues affecting a Ukranian search engine, Yahoo!, and Hotbot.
While these vulnerabilities are relevant and are usable against the Search Engines, their usefulness is largely limited to spoofing - perhaps part of an effort to misdirect or compromise users. The greater risk is for disclosed vulnerabilities in sites which provide additional services, such as webmail or other account-based features. These could then be used to capture the victim's account and allow for impersonation of the victim.
Unlike the Month of ActiveX Bugs, which ran during May, the vulnerabilities identified as part of MOSEB are being presented in English and Russian. After the first few ActiveX bugs were disclosed in May, the disclosures were being made in Italian, and focussed on relatively obscure ActiveX controls - mainly third party controls.
4 June 2007
Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.
Comments will soon be available for registered users.