Security issues with Lycos and Google came up in July. They aren't likely to impact many, if any, users, so don't get panicked. Here's a rundown on what happened.
At Lycos, the search engine was found to render some site descriptions as actual HTML code. Specifically, when it saw the characters < and > in a description, rather than render them as text, it was turning them into HTML commands, if they surrounded appropriate tags. For example, if this was in a description:
The security report filed about this makes it sound like it would be fairly easy for someone to get high ranking pages and then take advantage of users by manipulating descriptions in this way. The reality is that such pages are far more likely only to appear for obscure searches, making the value of this hack minimal.
Nevertheless, it should be something that is corrected. Despite having been reported to Lycos in mid-July, the problem was still happening yesterday.
"We are aware of this, and I was assured earlier this morning that our engineers are working on the fix immediately," said Terra Lycos spokesperson Kathy O'Reilly.
Meanwhile, Google's advancements to index dynamic content means that it was possible for crackers to get into DCShop shopping cart systems and perhaps find credit card information. Google has since removed links to dcshop.cgi URLs, once the potential problem was reported.
Search Engines HTML Parsing Vulnerability (Lycos)
SecuriTeam.com, July 27, 2001
Security warning about the Lycos problem. Second URL has additional information.
Lycos Example Query
If the bug is still there, you'll see how an input form appears for this entry (don't worry. There's no security problem with viewing this example).
Google removes links to credit card loophole
Fairfax IT, July 26, 2001
More details about the problem at Google.
Introducing... ClickZ Live!
SES Conference & Expo has merged with ClickZ to bring you ClickZ Live! The new global conference series takes on the identity of the industry's premier digital marketing publication, ClickZ.com, and kicks off March 31-April 3 in New York City. Join the industry's leading tech-advertisers in the advertising capital of the world! Find out more ››
*Super Saver Rates expire Jan 24.