Security The Internet

June Will Be Month of Search Engine Bugs

De Garmo writes "A Ukrainian hacker known as "MustLive" has announced plans for a Month of Search Engine Bugs project in June 2007. The plan is to shake out cross-site scripting bugs in the most popular search engines (think Google, Yahoo, MSN, Ask.com) and publish details on these flaws. From the article: "[The] purpose of this Month of Bugs is a demonstration of real state with security in search engines, which are the most popular sites in Internet. To let users of search engines and web community as a whole to understand all risks, which search engines bring to them. And also to draw attention of search engines' owners to security issues of their sites.""
This discussion has been archived. No new comments can be posted.

  • i wonder... (Score:1, Funny)

    by Anonymous Coward
    will we eventually be able to google for these bugs?
  • by thornmaker ( 794873 ) on Sunday May 20, 2007 @12:39PM (#19198925)
    Here's a few to get off the ground with: http://sla.ckers.org/forum/read.php?3,44,page=47 [ckers.org]
    • by baadger ( 764884 )
      Yet another reiteration of why you should use NoScript (or similar controls in your browser of choice) to only enable javascript on sites (preferably with one click) when they aren't working, and why more sites should be specifying their need for Javascript.
    • by klept ( 895849 )
      Ok I assume these search engines are to be used in place of the more popular search engines during bug month. Do all of these search engines have their own developed algorithms and other programming procedures for search? Or are they using Google's or some other popular search engine's algorithm for their search? As I am sure you know, many search engines use a more popular se's alg. Think Yahoo was using Google's at one time. If all of these se's have their own independent algorithms, they will very useful
      • by klept ( 895849 )
        Two things I forgot to mention. One is thank you. The other is that I could be completely wrong lol about the search algorithm having anything to do with xss.
  • Well (Score:2, Interesting)

    Well, if it is "bugs" you are looking for (not just security exploits), here is one:

    Try searching google for "\\.\"

    You Windows driver programmers should know what it is about.
    • Re: (Score:2, Informative)


      Try searching google for "\\.\"

      You Windows driver programmers should know what it is about.


      http://www.google.com/search?q=%22%5C%5C.%5C%22 [google.com]

      Brings up nothing, but I'm interested to read what you find.
    • Re:Well (Score:4, Informative)

      by zaajats ( 904507 ) on Sunday May 20, 2007 @12:51PM (#19198999)
      I'd say the response is exactly the same as with "(" [google.com], meaning the special sequence is not special after all and that google simply ignores all-symbol searches. Or something.
      • Re: (Score:1, Interesting)

        by Anonymous Coward
        Submitting a completely blank search box just sends you to the google homepage.
        http://www.google.com/search?q= [google.com]

        Searching for something that returns no hits gives you a helpful message
        http://www.google.com/search?q=ncjkxhsk%5Caflhjsdka [google.com]

        But searching for only symbols gives you a nice blank page!
        http://www.google.com/search?q=()()) [google.com]

        Fun and games with google!
        • I think it's annoying that Google removes symbols, and I think other search engines do too. It makes doing searches for specific things very hard. Heck "10-200" (in quotes) won't give you only exact matches, it will return any page with 10 and 100 in it rather than the specific string. Advanced mode exact string search didn't do me any good last I tried it. It's important for looking up very specific things, like model numbers or part numbers and anything that doesn't match exactly isn't relevant to th
          • by zaajats ( 904507 )

            I think it's annoying that Google removes symbols...

            I totally agree, but also believe this is a case where the technical difficulty of fixing it actually is significant - in addition to creating indexes of single words (and numbers) they'd also have to index all punctuation etc (in addition to word order, which they already do)

      • by jez9999 ( 618189 )
        Indeed. Try this [google.com].
    • Re: (Score:2, Interesting)

      by highonlife ( 942559 )
      Here is something that should be more of interest.

      Search for ".com" in google.
      http://www.google.com/search?hl=en&q=.com&btnG=Google+Search&meta= [google.com]
      The first site found is microsoft, the second site found is yahoo. Now if I understand the pagerank system correctly, and I find this reasonably hard to believe, this means that more people link to yahoo and microsoft than google itself? Further down the page you find amazon, and even ask.com
      On the other hand, I think this is reasonable proof
      • Not necessarily. There's a good chance the "." is being stripped, so what you're searching for is "com". Microsoft Component Object Module (COM) comes up first, but that's not surprising because it's been around for years.
        • I would normally agree with you, but how does that justify yahoo at number two?
          The only reason yahoo is at number two (if I understand the highlighting correctly) is because it is catching the ".com" in yahoo.com.
          In fact, (I don't know what they call these ...sublinks...the ones that are tabbed away and below the main link) the sublink to the microsoft link (which is about COM at number 1) is to microsoft.com, again found by the *drum roll please* ".com" in "microsoft.com".

          If anyone makes a "com again"
      • by thzinc ( 679235 )
        Actually, you should search for site:com [google.com]...
    • by cyberianpan ( 975767 ) on Sunday May 20, 2007 @02:49PM (#19199747)
      Try this link [google.com]. Google without any ads? Ok we could configure our machines to block ads but I use different machines a lot, if that "backdoor" link becomes popular Google would be in trouble! I picked up on this "bug" from here [blogspot.com].

      Yes strictly it isn't a bug in the sense that it harms the user but it is the same as a bug that allows you to use a program for free.
      • by jesser ( 77961 )
        That also turns off the "Did you mean:" spelling suggestions, the image results when you search for something like "Firefox logo", and the map results when you search for something like a zip code or address. If you found a "full Google search" without ads, that would be more interesting.
    • You know, some other people have been suggesting that Google removes symbols from their searches, but I don't find this to be true. As an example, google (with quotes) "foo.*baz". You will notice that bar is also bolded, just as if it was (gasp) a search term. Why? Because regexes work, that's why!
      • Because regexes work, that's why!


        Of course not. Regexes do NOT work in Google searches. Try searching for sla.*dot, and you will find, as expected, things with "sla" and "dot". The closest to slashdot you may come across could be a sla.dot Word template if /. had such a thing, and was using Word, and had decided that typing slashdot was too long and that sla would do since you cannot have a Word template called "/.dot"...

      • It's not a regexp search. Google treats words joined by a dot as if they were enclosed in doublequotes (thereby triggering a phrase search), and treats an asterisk as matching any whole word (actually sometimes short phrases are matched too).

        So your search for foo.*baz is the same as a search for "foo *" baz. Because the phrase "foo bar baz" is common on programming sites, you're likely to see "bar" bolded because it matches the asterisk.

  • The plan is to shake out cross-site scripting bugs in the most popular search engines (think Google, Yahoo, MSN, Ask.com)
    Uh, thanks for explaining what a search engine is, in order to stave off the inevitable questions of "What's a search engine? Why do the editors think we know this?".
  • by Anonymous Coward on Sunday May 20, 2007 @01:55PM (#19199331)
    can we have a month of free, good porn? i spend all day looking at bugs, i could do with something else for a change...
    • Re: (Score:3, Funny)

      by kirun ( 658684 )
      If you have an ipv6 connection, yes. Wait and see.
    • Re: (Score:1, Funny)

      by Anonymous Coward
      What about those of us who like bug porn, you insensitive clod!
  • Hmm, I wonder if it's going to be something like this...?
    http://johnny.ihackstuff.com/ghdb.php [ihackstuff.com]
  • by MadKad ( 1090963 )
    sounds like a load of pap to me, will have to wait and see.
  • by HW_Hack ( 1031622 ) on Sunday May 20, 2007 @04:03PM (#19200335)
    Shouldn't June be the month of "June Bugs" ... damn things used to scare the hell out of me as a kid. And I don't even want to talk about Potato Bugs
  • To let users of search engines and web community as a whole to understand all risks, which search engines bring to them.
    What impressive language skills our editors have!
