More Results From the Month of Search Engine Bugs
The Month of Search Engine Bugs (MOSEB) is continuing to deliver various vulnerabilities with major and minor search engines, as it has since the start of June. Although most of the vulnerabilities delivered so far are for minor search engines, there are some that have the potential for moderate impact if they are used in major phishing / malware attacks.
The most recent major search engine to be affected is Ask.com (previously known as Ask Jeeves / Jeeves), where several vulnerabilities in the main part of the site have been released, including redirection, HTML injection, and JavaScript execution.
Unlike most of the other vulnerabilities released up to this point, almost all of these issues can feasibly be encountered in the course of a normal web search carried out on Ask.com. This particular capability means that it is simple to deliver a malicious URL to a victim in such a way that it should pass through all antiphishing / safe URL checks.
As they have investigated the site further, the group behind the MOSEB have indicated that Ask.com is going to be vulnerable to a lot more vulnerabilities across the various sections of the site.
11 June 2007
Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.
Comments will soon be available for registered users.