Lycos Raises Concerns About Outdated Security

Now this is a name I have not heard in the news for a long time. For those of you who are old enough to remember the internet in its original form, Lycos may bring up some fond memories of perusing newsgroups and playing text-based RPG games. I can remember a time when this was actually my favorite search engine, and a driving force in the development of the web. They hold the distinction of being the first internet company to go public, making them the first profitable dotcom business.

Security analysts at an independent company have completed a thorough review of this search engine and its accompanying email service. What they found is nothing short of shocking: email usernames and passwords were being sent over the internet in the clear, using unencrypted HTTP. This mistake would have been excusable back in the company’s heyday, but we have come a long way since the early nineties.

While there aren’t very many people still using the search engine, the company’s email service is still quite popular because of its smooth, easy-to-use interface. Admittedly, it is hard to keep email secure. Like it or not, this has always been an inherently insecure communication method. And since your email is used to log in and register with virtually every website you use, anyone who gets your email password can use it to access your other accounts by changing their passwords.

Part of the issue here is that this company is no longer owned by the same people who made it famous. The company has changed hands many times, and its ownership is now spread out over 24 countries due to its acquisition by a large digital marketing company. It must be very hard to hold anyone accountable in such a situation! And to make matters worse, the company is now trying to get in on the security ring market. If you haven’t heard of them, these are simply scannable rings that can be loaded with electronic money or used for identity verification.

Apparently, all of the smart IT security people at this company have long since been fired. Most websites switched to the more secure (though not airtight) HTTPS protocol quite some time ago. Whoever is running security these days must not be very qualified. The company launched an anti-spam website as part of a larger campaign, only to be swiftly targeted by hackers. A DDoS attack took the site down within hours.

The company’s response to this problem was so inept and confusing that they were actually accused of attacking themselves as a way to mask takedowns of other sites. In reality, there seems to be a lot of confusion over these events. Some say it was a simple DDoS attack, some say that the attackers hacked the DNS instead of the company’s own servers, and some say that the company got angry and attempted to use outlaw methods to take down several pages that were deemed to be the source of the hack.

All of this only showcases the importance of keeping up with the times, especially in the security department. Criminals, and those who attempt to stop them, are constantly changing their tactics and methods in an attempt to stay one step ahead of each other. In this high-information conflict, the dinosaurs must either evolve or go extinct.