Security issues with Lycos and Google came up in July. They aren't likely to impact many, if any, users, so don't get panicked. Here's a rundown on what happened.
At Lycos, the search engine was found to render some site descriptions as actual HTML code. Specifically, when it saw the characters < and > in a description, rather than render them as text, it was turning them into HTML commands, if they surrounded appropriate tags. For example, if this was in a description:
The security report filed about this makes it sound like it would be fairly easy for someone to get high ranking pages and then take advantage of users by manipulating descriptions in this way. The reality is that such pages are far more likely only to appear for obscure searches, making the value of this hack minimal.
Nevertheless, it should be something that is corrected. Despite having been reported to Lycos in mid-July, the problem was still happening yesterday.
"We are aware of this, and I was assured earlier this morning that our engineers are working on the fix immediately," said Terra Lycos spokesperson Kathy O'Reilly.
Meanwhile, Google's advancements to index dynamic content means that it was possible for crackers to get into DCShop shopping cart systems and perhaps find credit card information. Google has since removed links to dcshop.cgi URLs, once the potential problem was reported.
Search Engines HTML Parsing Vulnerability (Lycos)
SecuriTeam.com, July 27, 2001
Security warning about the Lycos problem. Second URL has additional information.
Lycos Example Query
If the bug is still there, you'll see how an input form appears for this entry (don't worry. There's no security problem with viewing this example).
Google removes links to credit card loophole
Fairfax IT, July 26, 2001
More details about the problem at Google.
Last Week to Save on SES London Tickets!
Learn to engage customers and increase ROI by distributing your online marketing efforts across paid, owned & earned media. Join the leaders of today's digital marketing & advertising industry at SES London. Find out more ››
*Saver Rates expire this Friday, Dec 13.