I'm a security consultant and researcher from the Ukraine. I'm the creator and administrator of Websecurity, the first Ukrainian resource about Internet security. That's my specialty. I've worked in the Web application security field for more than two years, after releasing the first version of my MustLive Security Pack. I've worked in the IT field for 13 years.
Why have a Month of Search Engine Bugs?
The main task of Month of Search Engines Bugs is to demonstrate the real state of security in search engines. Search engines are the most popular sites on the Internet, and millions of people visit them every day, so these sites need to be secure. But they are not. The project's task is to let the Web community as a whole and users of search engines understand all the risks, and to draw the attention of search engine owners to the security issues of their sites. My project will help improve search engine security and the security of the Internet as a whole.
I don't agree. These guys need to understand that talking -- what they are doing -- and working -- what I am doing -- are different things. It's harder to work at something than just speak and say it is not so good. [Security] is not about words, but deeds.
Are you going to expose one flaw a day or multiple flaws a day?
I'm going to make a minimum of one post with one or multiple holes a day for one search engine. But there will be bonus posts with additional bugs for some search engines.
Are you releasing details of these flaws after notifying the search engine providers, or will they be learning about them for the first time?
I am going to inform the search engine vendors as I usually do. Every participant of the project will be informed -- up to 30 engines. [But] search engine workers need to be attentively watching my site. Details about the rules of my project will be published at the end of this month.
How responsive have companies like Google and Yahoo been when you've notified them of the flaws?
In my work, I regularly find holes in search engines and I inform every search engine vendor about what I find. But in my practice not every vendor fixes the holes in their engine. And not every vendor thanks me for my work because they are too busy counting the money their users bring to them. There are too many holes in search engines in the world. Vendors forgot about the security of their visitors, so I need to remind them. It will be total recall.