The Search Engine Update, Jan. 25, 1998 - Number 21

===================
About The Update
===================

The Search Engine Update is a twice-monthly update of search engine news. It is available only to those people who have subscribed to Search Engine Watch, http://searchenginewatch.com/.

Please note that long URLs may break into two lines in some mail readers. Please cut and paste, should this occur.

===================
In This Issue
===================

+ Site Updates
+ Excite Search Software Bug Found
+ Excite To Acquire MatchLogic
+ Search Engine Articles

===================
Site Updates
===================

I've added a new Search Engines And Capitalization page within the subscribers-only area, in the Projects in Progress Section. Many people worry about whether they need to capitalize terms in meta tags, and this page answers those questions. In short, a survey I did found 80% to 90% of people search in the lower case -- so relax about it.

I've also updated the More About Meta Tags page, with some tips on how to make your keywords work harder without having to repeat them unnecessarily. It's in the More About section.

Both pages can be found in the Subscribers Only area:
http://calafia.com/subscribers/

===================
Search Engine News
===================

Excite Search Software Bug Found

A security bug was found in the Excite search software that is used by many webmasters to index their web sites. Those running Excite For Web Servers 1.1 should download a free patch to correct it. The bug affects both Unix and Windows NT operating systems.

The bug does not affect the Excite web site. Visiting the site or doing searches does not cause a security problem for users. This is an issue only for webmasters running EWS 1.1. Version 1.0 is unaffected.

The bug was first reported on BugTraq in December, in a message that was also copied to an Excite administrative address. The message was overlooked, causing the company to scramble when it was alerted to the bug on Jan. 12 by Wired News.

Excite readily admitted to being embarrassed that the message slipped through the cracks and pledged that such a thing wouldn't happen again.

"That was definitely something we have dealt with in a significant fashion," said product manager Kris Carpenter. "We're going to reduce the complexity of communicating with us and make it absolutely clear, 'This is how to reach us.'"

The bug allows those knowledgeable about system administration to execute commands and read files via information relayed through the search box, but only on systems with lax security.

"It would require that the webmaster left the server open more than normal," said Carpenter. "The extent of the possible impact is in most cases going to be minimal," though she added, "We definitely are very concerned the impact it could have had on the web community."

The person who discovered the bug, Marc Merlin, agreed that the impact would be limited on a secure system, but he noted that many systems are left unprotected.

"It is true that the impact for very well maintained systems is minimal, but there are too many Unix machines that are vulnerable one way or another," Merlin said.

E-mail has been sent by Excite to those who have downloaded the software in the past, informing them of the patch. The company has also temporarily removed the software from its servers. It's considering whether to make a bug fix or to simply remove the software from circulation altogether.

Excite gets no income from the software. It has been always been free, though a few support contracts were once sold. These expired at the end of 1996. Since then, it has been offered completely unsupported, as a benefit to webmasters.

Excite Security Notice
http://www.excite.com/navigate/download.html

The patch, FAQs and information from Excite about the bug.

Excite Bug Discovered
Webpedia, Jan. 1998
http://www.webpedia.com/features/reports/ews/

More technical details about the bug, and how to patch it.

CGI security hole in EWS (Excite for Web Servers)
BugTraq Archives, Dec. 1997
http://www.netspace.org/cgi-bin/wa?A1=ind9712c&L=bugtraq#7

The original bug report, with technical details

Excite Moves to Patch Search Software
Wired, Jan. 14, 1998
http://www.wired.com/news/news/technology/story/9649.html

Excite bug opens Unix servers
News.com, Jan. 13, 1998
http://www.news.com/News/Item/0,4,18039,00.html

Excite Search Bug Threatens Web Sites
Wired, Jan. 12, 1998
http://www.wired.com/news/news/technology/story/9618.html

================================

Excite To Acquire MatchLogic

Excite announced Jan. 15 that it would acquire MatchLogic in a stock swap valued at $89 million. MatchLogic provides banner ad server technology and other online advertising services.

Excite said it is making the move to better serve its own advertisers and to gain revenue by providing MatchLogic's services to others. MatchLogic will begin serving ads on Excite and WebCrawler in March.

Excite Buys Ad Tracking Firm in Stock Deal Worth $120M
Web Week, January 19, 1998
http://www.webweek.com:80/current/news/19980120-excite.html

===================
Search Engine Articles
===================

The Search Engines Search For Answers
Yahoo Internet Life, Feb. 1998
http://www.zdnet.com/yil/content/mag/9802/searchtoc.html

A comprehensive look at the various issues surrounding the desires of advertisers and the need for search engines to maintain impartial listings. Quotes and examples of retailer partnerships, positioning issues, and more.

Search engine shoot-out: top engines compared
Cnet, Feb. 1998
http://www.cnet.com/Content/Reviews/Compare/Search2/

Cnet gives HotBot top honors, especially for its fresh index. Infoseek ranks second in a photo finish and gets a perfect 5 for accuracy. However, Infoseek may well be entitled to first place. The review gave it a low score for lacking advanced search capabilities, which Infoseek actually has. AltaVista also gets an honorable mention. WebCrawler gets locked out, lumped in with directories, though it has a comparable size to Open Text and is far more up-to-date.

Yahoo Email Scam Resurfaces
Wired, Jan. 13, 1998
http://www.wired.com/news/news/technology/story/9641.html

Yahoo gets hit by another email scam. As an attempt to curb this kind of activity in their free email service, email addresses at Yahoo Mail can no longer contain the words "winner" or "contest."

===================
End Notes
===================

To unsubscribe from this list, send a message to majordomo2@calafia.com, with the following in the subject field:

unsubscribe searchupdate

If you have problems, just send a message to subscriptions@calafia.com

This newsletter is Copyright (c) Mecklermedia. It should not be distributed. If you are not a subscriber and somehow are receiving a copy of the newsletter, learn how to subscribe at:

http://searchenginewatch.com/subscribe.htm