Archive for Bing

A Simple Developer Mistake Could Have Led To Bing.com Takeover

Posted in Commentary on April 4, 2023 by itnerd

Discovered by the Wiz cloud security firm and dubbed BingBang, this vulnerability allowed researchers to change the top results in Microsoft’s Bing search engine and access any user’s private files by simply logging into an unsecured web page.

The vulnerability is centered on the Microsoft Azure Active Directory and would allow any Azure user in the world to log into it without proper credentials. All it took was a misconfigured app.

In this case it was the Bing trivia app:

After recognizing these issues and their potential impact, the researchers started scanning for vulnerable applications (multi-tenant apps lacking proper validation) on the internet. The results were shocking – approximately 25% of the multi-tenant apps they scanned were vulnerable.  

Most surprisingly, the list included an app made by Microsoft itself, named “Bing Trivia.”
Because this app was misconfigured, the researchers were able to log in to it with their own Azure user.

To verify that this CMS was indeed controlling Bing’s live results, they selected a keyword in the CMS and temporarily altered its content. They chose the “best soundtracks” search query, which returned a list of highly recommended movie soundtracks.

They then proceeded to change the first result, “Dune (2021),” to their personal favorite, “Hackers (1995),” and pushed it to production. Their new result, complete with their title, thumbnail, and arbitrary link, immediately appeared on Bing.com.

Researchers then found they could run Cross-Site Scripting (XSS) attacks, and since Bing and Office 365 are integrated, an attacker could access Bing users’ Office 365 data, including Outlook emails, calendars, Teams messages, SharePoint documents, and OneDrive files. The researchers reported the flaw to Microsoft and it was patched shortly afterward, resulting in a $40,000 bug bounty reward.

Brad Hong, Customer Success Lead, Horizon3.ai had this to say:

   “The BingBang incident is a reminder that passwords and simple misconfigurations are still the number one attack vector for attackers. Seemingly arbitrary in nature, it can have severe consequences on an organization’s security posture. In this case, a misconfigured application made it possible for researchers to not only gain access to Microsoft’s Azure Active Directory without proper credentials, but then from a privileged perspective chain together and execute exploits on additional vulnerabilities after making their way into the castle.

   “Incidents like this validate why the industry is moving away from vulnerability models and into exploitability management, as the misconception is dispelled that attackers are looking to execute zero days, but rather the easiest ways to get in. It additionally highlights the necessity to continuously attack your own infrastructure to identify as the organization’s offerings and architecture change, new or extended vulnerabilities that can be leveraged to get in. It’s also a great reminder that as the world begins to consolidate software offerings, that linkages created between them in the name of convenience and accessibility can also become its greatest downfall.”

Luckily this was caught by a team of security researchers rather than threat actors; otherwise this could have gone very, very sideways. This goes to prove that anyone can screw up and everyone needs to be on their toes when deploying code into a public-facing environment.
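One check that a multi-tenant Azure AD app can apply to sign-in tokens is a tenant allow-list, shown here as an added example that is not code from Wiz, Microsoft or the original post. It assumes the token's signature, expiry and audience were already verified by a JWT library and that v2.0-format tokens are in use; the tenant IDs and helper names are constructed placeholders.

```python
# Added example: tenant allow-list check for a multi-tenant Azure AD app.
# Assumption: signature, expiry and audience were verified beforehand;
# only the decoded claims dict is examined here.
import re

# Constructed placeholder tenant IDs (not real tenants).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
PARTNER_TENANT = "22222222-2222-2222-2222-222222222222"
OUTSIDE_TENANT = "99999999-9999-9999-9999-999999999999"
ALLOWED_TENANTS = frozenset({HOME_TENANT, PARTNER_TENANT})

# Azure AD v2.0 issuer format: the tenant ID is part of the issuer URL.
ISSUER_RE = re.compile(
    r"^https://login\.microsoftonline\.com/([0-9a-f-]{36})/v2\.0$")


def authorize(claims, allowed_tenants=ALLOWED_TENANTS):
    """Return (allowed, reason) for an already signature-verified token."""
    tid = str(claims.get("tid") or "").lower()
    iss = str(claims.get("iss") or "").lower()
    if not tid:
        return False, "missing tid claim"
    match = ISSUER_RE.match(iss)
    if not match:
        return False, "unexpected issuer format"
    if match.group(1) != tid:
        # The issuer and tid claims must name the same tenant.
        return False, "issuer does not match tid"
    if tid not in allowed_tenants:
        # Valid Azure AD user, but from a tenant this app never onboarded.
        return False, "tenant not on allow-list"
    return True, "ok"


def make_claims(tid, iss_tid=None):
    """Build a constructed claims dict for the demo."""
    return {
        "tid": tid,
        "iss": f"https://login.microsoftonline.com/{iss_tid or tid}/v2.0",
        "preferred_username": "user@example.test",
    }


if __name__ == "__main__":
    for c in (make_claims(HOME_TENANT), make_claims(OUTSIDE_TENANT),
              make_claims(HOME_TENANT, iss_tid=OUTSIDE_TENANT)):
        print(c["tid"], authorize(c))
```

An app meant for a single organization can avoid the problem at the source by being registered as single-tenant, so the identity provider never issues it tokens for outside users.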

Bing Bleeds Cash Says Microsoft

Posted in Commentary on September 24, 2011 by itnerd

For most companies, when a business unit bleeds cash like a gunshot victim in Compton, you dump it. But that’s apparently not how it works at Microsoft. Their search engine Bing has lost $5.5 billion since it launched in 2009. But much like the Cylons, they have a plan to stop the bleeding:

Stefan Weitz, Microsoft’s director of Bing, believes that if Bing can change the way people think about search, sooner or later users will switch over from Google.

“Our challenge is that no one wakes up in the morning and says, ‘I really wish there was a better search engine,'” Weitz said. “That’s why, for us, it’s always been about figuring out how to accomplish more than we thought was possible with a search engine. Eventually, people will expect to do more with search, and if they can’t, they’ll be disappointed.”

I really doubt that will work. People are so used to Googling things that Microsoft would have to work extremely hard to change people’s search habits. The only good part about this is that Microsoft is swimming in so much cash that they can wait this out and see if they can win market share one user at a time.

Bing Produces Pro Microsoft And Anti Apple Results? Maybe. Maybe Not…

Posted in Commentary on August 6, 2009 by itnerd

Is it business as usual with Microsoft when it comes to search engines and the competition? According to Shane O’Neill, you simply have to take the search query “Why is Windows So Expensive” and see that it might be. He got “Why are Macs so expensive?” at the top of the search results. He’s even got a screen shot to prove it. What does he think about this? Simple:

If Microsoft is going to resort to blocking and self-protection with their search engine, they could at least be subtle. This is about as subtle as a machine gun.

Now when I ran the same query, I didn’t get the “Why are Macs so expensive?” at the top of the list, but I got it further down. That could mean any number of things. The top two on my list: Microsoft moved it down the list so that it doesn’t appear that they’re taking shots at Apple, or what the author got was a fluke.

I’m leaning towards fluke at the moment. Why?

Take the queries “Xbox so expensive”, “Microsoft Windows expensive”, and “Microsoft sucks”. Those return the results that I would expect. So there doesn’t appear to be any bias so far. Plus if you search for “Who is more evil than Satan himself” in Bing, it brings up Microsoft as I would expect it to.

🙂

Bottom line, from where I stand there isn’t any proof that Microsoft has slanted search results in their favor. Having said that, cio.com is the one calling them on it if they are. Keep in mind that cio.com is a site aimed at upper management. So this isn’t some Apple fanboi whining about this. That might be something that could hinder the acceptance of Bing in the corporate environment.

Microsoft may want to keep that in mind…. If they are screwing with search results (and even if they’re not).

Bing Serves Porn From Its Own Domain To Protect You

Posted in Commentary on June 17, 2009 by itnerd

You might remember that I made a passing reference to the fact that Microsoft’s Bing search engine makes it real easy to find porn. Microsoft has now decided that porn needs its own “red light district.” How does this work? Here’s a brief description from the Bing Community Blog:

First, potentially explicit images and video content will now be coming from a separate single domain, explicit.bing.net. This is invisible to the end customer, but allows for filtering of that content by domain which makes it much easier for customers at all levels to block this content regardless of what the SafeSearch settings might be. This makes it much easier for filtering software to block unwanted content if SafeSearch has been turned off.

In addition, we will begin returning source url information in the query string for images and video content so that companies who already use this method of filtering will be able to catch explicit content on Bing along with everything else they are already blocking for their customers.

I’ll give Microsoft points for this. They’ve come up with a solution that allows companies and schools to filter X rated content easily, without affecting those who don’t care or are lonely and horny. That’s the sort of balance that’s needed in the world. We need more of that.

Bing Passes Yahoo…. Still Miles Behind Google

Posted in Commentary on June 8, 2009 by itnerd

Here’s the good news if you’re a Bing fan. You’re #2 according to Statcounter (via IT Pro):

StatCounter said it took just days for Microsoft’s recently revamped search to overtake its rival – and former acquisition target – Yahoo, with Bing taking 16.28 per cent of the US market to Yahoo’s 10.22 per cent by the end of last week. Google still holds 71.47 per cent.

As of last week, globally Bing held 5.62 per cent of the market, just pipping Yahoo at 5.13 per cent. Both are miles behind Google’s 87.62 per cent, however.

So I guess spending at least $80 million does buy you market share. Also, given the circus that was Microsoft’s attempt to buy Yahoo, it must make Microsoft CEO Steve Ballmer feel really good.  However, there are questions about Bing’s ability to stay at #2:

“It remains to be seen if Bing falls away after the initial novelty and promotion but at first sight it looks like Microsoft is on to a winner,” said Aodhan Cullen, chief executive of StatCounter, in a statement on the site’s blog.

Indeed, today Bing appears to have dropped back down to MSN’s usual 2.5 per cent market share.

Microsoft better get on the ball, or face having that money wasted. That of course assumes that people are willing to abandon Google.

Bing Is Alive! [UPDATED]

Posted in Commentary on June 1, 2009 by itnerd

Bing.com seems to be accepting search queries as I type this. So I’ve played with it for a bit and I have a few first impressions:

  • It has a video preview feature that allows you to move your mouse cursor over a video that you might be interested in, and Bing will play it for you. Just be careful about previewing NSFW stuff at work though.
  • Along the left side you can see categories, a search history and related searches. A very handy feature. Although Google will do the same thing if you click “Show Options…” But it does allow you to drill down to what you’re looking for easily.
  • Shockingly, Bing’s features worked with Firefox.
  • Being Canadian, I tried some Canadian queries. It was 50/50 at best.

I’ll play with it some more today, but there’s really nothing here that will tear me away from Google. At least not yet. Perhaps some more time with it will change my mind.

UPDATE: The Telegraph has a story about how Bing can be used to access porn. This might be how Bing will become popular! Not only that, someone has registered the domain name www.BingIsNotGoogle.com which redirects to Google.com.

Microsoft’s Bing Search Engine Seems To Be Working… Not For The Public Though…

Posted in Commentary on May 29, 2009 by itnerd

I found something interesting when I checked my blog stats today. When I looked at where my traffic comes from, I noticed this:

[Screenshot: blog stats]

Note the third item on this list. It looks like Bing has been searching for the term “let me bing that for you.” It must have found those words from my original post about Bing. So it seems that Microsoft is using Bing internally, likely testing things out at this point. It’s still not available to the general public though. Perhaps that means that it’s not far away from being released?

Microsoft Drops At Least $80 Million To Market Bing….. Wow!

Posted in Commentary on May 29, 2009 by itnerd

Advertising Age is running a story that pegs the total value of Microsoft’s Bing marketing efforts to be at least $80 Million:

The software giant is set to launch an $80 million to $100 million campaign for Bing, the search engine it hopes will help it grab a bigger slice of the online ad market. That’s a big campaign — big compared with consumer-product launches ($50 million is considered a sizable budget for a national rollout) and very big when you consider that Google spent about $25 million on all its advertising last year, according to TNS Media Intelligence, with about $11.6 million of that focused on recruiting. Microsoft, by comparison, spent $361 million. Certainly Google has never faced an ad assault of anything like this magnitude.

JWT has been tapped for the push, which will include online, TV, print and radio. Another sign of the campaign’s size: At a time when most agencies are laying people off, JWT added creatives on the Microsoft business last week.

That kind of cash will get Bing lots of attention. Will it be enough to convince people to switch from Google? I don’t know, but we’re about to find out.

Microsoft Overhauls Search Site…. Will It Be Enough To Stop People From Using Google?

Posted in Commentary on May 28, 2009 by itnerd

In its ongoing but futile attempt to fight Google, Microsoft has announced Bing which is its new search engine. But it’s no ordinary search engine according to Microsoft:

Based on the customer insight that 66 percent of people are using Internet search more frequently to make complex decisions,* Microsoft identified three design goals to guide the development of Bing: deliver great results; deliver a more organized experience; and simplify tasks and provide insight, leading to faster, more confident decisions. The new service, built to go beyond today’s search experience, includes deep innovation on core search areas including entity extraction and expansion, query intent recognition and document summarization technology as well as a new user experience model that dynamically adapts to the type of query to provide relevant and intuitive decision-making tools.

Hmmm…. Sounds interesting. But will it stop me from using Google? I don’t know. First, there’s the name. Saying “let me Bing that for you” doesn’t sound as sexy as “let me Google that for you.” And what if this search engine bombs the way Live Search bombed? Are they going to call the next search engine they come up with “Bong?”

Seriously though, I don’t know how this search engine is going to do in an already crowded marketplace. Google pretty much owns search and I can’t see this making any sort of meaningful dent. Second, if you take a visit to Bing.com and watch the video (Which oddly enough is done in Adobe Flash and not Microsoft Silverlight. WTF? Don’t they use their own products?), a lot of the things that they mentioned seem kind of Google-ish to me. Perhaps when the search engine actually appears and I get to play with it, I may feel differently.