DSecRG researchers Dmitry Chastukhin and Alexey Sintsov were inducted into the Google Company Hall of Fame (http://www.google.com/about/corporate/company/halloffame.html) within the vulnerability search section. The goal of the program is recognition of information security specialists who found and reported about the vulnerabilities in WEB resources of Google Company.
During the research a very interesting and unique vulnerability at the Google Documents resource was found that allowed the addition of random EXCEL formulas into the documents via Google Forms. Using the given vulnerability potential malefactors can obtain critical data from user charts.
Google specialists considered the vulnerability in “elite” sum $1337 class, expressing their surprise and noted the originality of the found attack vector.
Also at the ZeroNights 2011 Conference the results of the “Month of searching for the vulnerabilities” competition from Yandex were summed up.
Alexey Sintsov, the head of information security audit department at ERPScan took the second place and recieved $3000 as well as a place in the Yandex Hall of Fame.
According to an agreement with Yandex, in two months we will be able to reveal technical details of found vulnerability.
It is worth noting that Yandex Company became a pioneer in similar kinds of programs in Russian Internet segment and is not going to stop on conducting of only one competition.
“By these awards, received for the researches, connected with searching for the vulnerabilities in the products of two leading searchers, we clearly demonstrated the highest level of our employees’ qualification, who constantly sharpen their skills, including in the similar researches”-noted Ilya Medvedovsky, ERPScan CEO.
