Archive for category Search Engine
Bugspy.net: Opensource Bug Tracking Website
Posted by Mourad Ben Lakhoua in Search Engine, Software Security, Vulnerabilities on October 4, 2009
Bug is a word that means an error in a certain program, usually Bugs are located and removed in the program testing or debugging phase.
Globally there is a big number of testing labs that are on a daily bases looking for discovering new Bugs and alerting on them, here I wanted to mention this site http://www.bugspy.net this site is dedicated to alert of the latest vulnerabilities in the open source applications.
Bugspy is a search engine that crawls the web looking for bugs from different sources. There are thousands of open source software projects but the site objective is to make it easy for security professional to identify the bugs in a quick way and to provide details on the severity of this vulnerability, this is very important to protect the open source resources.
The vulnerability description provided on text and statistically deciding whether this bug might pose a security threat and the level of this threat so if it’s critical a fix should be applied to mitigate the risk.
Here you can find some technical details about the site:
Crawler development language: Python
Web site development language: Python + Django framework
Database: PostgreSQL
Number of open bugs indexed: ~225,000 bugs and going up
Number of products indexed: ~ 7500 products and going up
Exploitable Bugs Detector: Developed with the aid genetic algorithms (pyevelove http://pyevolve.sourceforge.net)
The targeted visitors: IT Security experts, developers, sw project managers, and anyone who wants to be regularly updated about new bugs in OSS.
make sure you subscribe to my RSS feed!
Google search contain millions of compromised Webpages
Posted by Mourad Ben Lakhoua in News, Search Engine on October 3, 2009
Nowadays some fake companies forced Google and other search engines to list millions of compromised website in their web search results. These links lead to infected websites that can damage computer system and theft of sensitive information.
This kind of attack aims to redirect the victims to download fake copies of popular programs. For example if you search “cheap vista for student” you can find about 19 million pages and among them some URL for soft4pcs.com which is not a trusted source for windows operating system to download.
Another phishing attack that has been very popular and now is back is ASProx botnet. Many vulnerable IIS can allow hackers to inject malicious javascript link to Microsoft SQL server so on the search engine if you look for used corvette parts it brings you site ads-t.ru/ads.js which spreads a dangerous malicious file in the Adobe flash player.
This kind of attack can allow hackers to take control on millions of machine, to build zombies network that is instructed remotely or to get some sensitive information like bank credentials….
So be very careful with the links in your emails or on search engine and do not click unless you are sure from the source.
make sure you subscribe to my RSS feed!
-
You are currently browsing the archives for the Search Engine category.
SUBSCRIBE
Latest Comments