Security issues with Lycos and Google came up in July. They aren't likely to impact many, if any, users, so don't get panicked. Here's a rundown on what happened.
At Lycos, the search engine was found to render some site descriptions as actual HTML code. Specifically, when it saw the characters < and > in a description, rather than render them as text, it was turning them into HTML commands, if they surrounded appropriate tags. For example, if this was in a description:
The security report filed about this makes it sound like it would be fairly easy for someone to get high ranking pages and then take advantage of users by manipulating descriptions in this way. The reality is that such pages are far more likely only to appear for obscure searches, making the value of this hack minimal.
Nevertheless, it should be something that is corrected. Despite having been reported to Lycos in mid-July, the problem was still happening yesterday.
"We are aware of this, and I was assured earlier this morning that our engineers are working on the fix immediately," said Terra Lycos spokesperson Kathy O'Reilly.
Meanwhile, Google's advancements to index dynamic content means that it was possible for crackers to get into DCShop shopping cart systems and perhaps find credit card information. Google has since removed links to dcshop.cgi URLs, once the potential problem was reported.
Search Engines HTML Parsing Vulnerability (Lycos)
SecuriTeam.com, July 27, 2001
Security warning about the Lycos problem. Second URL has additional information.
Lycos Example Query
If the bug is still there, you'll see how an input form appears for this entry (don't worry. There's no security problem with viewing this example).
Google removes links to credit card loophole
Fairfax IT, July 26, 2001
More details about the problem at Google.
Introducing SES Online
Want to view one of the sessions you missed or listen to an especially informative presenter a second time? SES New York sessions are available for purchase on ClickZ Academy's new e-Learning site. SES is now Online!