As Internet security threats multiply, redesigns of e-commerce sites can introduce a lot more than a sleek new user interface. Tower Records recently settled charges with the U.S. Federal Trade Commission, which sued the company last year after a redesign of its online music store introduced security holes that exposed customers' personal information.
The lapse violated federal law as well as Tower's privacy policy, according to the FTC, which warned that online merchants and banks will be held accountable for lax security auditing of redesigns. "In a fast moving world of electronic commerce, change is inevitable," said Howard Beales, Director of the FTC’s Bureau of Consumer Protection. "Companies must have reasonable procedures in place to make sure that changes do not create new vulnerabilities." The consent agreement requires Tower to have its web site audited by third-party security professionals every two years for the next 10 years.
While the open source community works on developing affordable substitutes for Cisco routers, Cisco itself is using Linux to power its Application and Content Networking System (ACNS), a caching and content delivery product for enterprise companies.
ACNS allows an IT staff to manage the flow of complex applications, audio and video over Cisco devices on a large network, with customers including Reuters, Siemens Medical Solutions and the U.S. Department of Veterans Affairs.
"ACNS has been based on a Cisco-modified version of Linux since its initial release," said Cisco spokesman Charles Sommerhauser. "There were earlier generations of related products that also ran on this OS. We use Linux on some of our products in order to integrate Linux-based applications."
The Windows MS04-011 security patch includes a bug that crashes some Windows 2000 machines, according to Microsoft. Nearly 39 percent of web-facing SSL servers are running Windows 2000, according to our March SSL Survey, making it the most widely deployed operating system for SSL systems by a clear margin.
The security update, arguably one of the most critical Windows security fixes ever, addresses 14 separate security holes. Among them is a Windows SSL vulnerability targeted by several published exploits, which has raised concerns of a major Internet security event. The PCT and SSL 2.0 protocols targeted by the exploit are enabled by default in Win2K.

Our Hosting Provider Network Performance summary provides current information on the uptime for web sites of major hosting companies.
Born in Mexico City, Miguel de Icaza was the driving force behind the creation of the Gnome free software desktop, and co-founded the open source company Ximian, bought last August by Novell. In July 2001, he helped start another ambitious project, Mono: a free implementation for GNU/Linux of Microsoft's .Net framework. He talks to Glyn Moody about Mono's progress, how Ximian was bought by Novell, and why he is so scared of Microsoft's Longhorn.
Q. How has your vision of Mono changed since you began the project, and what are the main aims of Mono today?
A. A lot of the things that Microsoft was addressing with .Net were touching on existing pain points for us. We've been using C and C++ way too much - they're nice, but they're very close to the machine and what we wanted was to empower regular users to build applications for Linux. Windows has a lot of tools that address a particular problem but on Linux we're kind of on our own in terms of development. So when Microsoft came out with this [.Net] thing, initially what we saw was very interesting, and that's how the project got started. But as people got together and started to work and collaborate on this effort, a couple of things happened.
The first one is that there was more and more momentum behind building APIs that were compatible with the Microsoft ones. Novell and Ximian were focused just on the core and C#; a lot of the people who came and contributed software to the project were interested in Windows Forms, or ASP.Net or Web services or databases, which were part of the Microsoft stack.
And at the same time we have grown organically a stack completely independent of the Microsoft stack, which we call the Mono stack but it includes things like tools for doing GUI development for Linux - that was one thing that we were very interested in and we actually invested a lot of effort into that.
So today at the core we still have Mono, which is what we wanted to do, and now we've got two very healthy independent stacks: the Microsoft-compatible stack for people who want to bring their applications from Windows to Linux, and also this completely new and fresh stack of things that in some cases are portable from Linux to Windows, and in some cases are very, very Linux specific.
Q. Microsoft doesn't seem to be making so much noise about .Net these days: what's your view of .Net's progress at the moment: how is it shaping up as a platform for writing software?
CrystalTech President and CEO Tim Uzzanti said the pressure to reach new prospects in the price-sensitive hosting industry was a major factor in seeking an acquirer. "The problem is that marketing a single product or service line to what is a largely untapped market costs money, and those costs are generally passed on to the end user in the form of higher service fees or other add-ons." The deal allows CrystalTech's hosting services to be marketed to NewTek's base of existing customers.
Scanning of port 443 increased late last week, according to the SANS Institute, which urged administrators running Windows servers to install the patch issued by Microsoft. Port 443 is used by SSL, which encrypts sensitive information for e-commerce transactions. Several published exploits allow attackers to gain control of unpatched Windows SSL servers and any customer data stored on them.
"Internet hackers based in Brazil, Germany and the Netherlands have launched attacks against some of Australia’s largest financial institutions over the Anzac Day long weekend," Internet Security Systems said in a press statement, saying the activity became pronounced Thursday evening. "By Friday 8 am the attacks had escalated significantly and by lunch time we became aware that hackers were trying to infiltrate many of Australia’s largest financial institutions," said ISS (Australia) Managing Director Kim Duffy. "Hackers have now developed and published three attack ‘tools’ and, as these tools become more widely available, it is expected that the target base will grow and include government and commercial."
The San Diego web hosting company said the links had been installed by a company hired to optimize Aplus.net's search engine ranking, and that it had completely removed the hidden links from customer sites. "We didn't apply enough control over what our subcontractor was doing," said Ivan Vachovsky, CEO of Aplus.Net. "We have changed our procedures so that it never happens again."
Aplus.net used a technique known as "cloaking," detecting when Google's spider was visiting any of its customer sites, and then inserting HTML code with the terms "Web Hosting," "Dedicated Servers" and "Domain Names," all linked to aplus.net.
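One way a hosting provider or site owner can check its own pages for this kind of cloaking is to fetch the same URL as an ordinary browser and as a crawler and compare the outgoing links. The script below is an added illustration of that check and is not code from the article or from Aplus.net; the two HTML documents, the `hosting.example` domain and the "Joe's Bakery" page are constructed sample inputs.

```python
"""Detect search-engine cloaking by diffing two renderings of one page.

Added example (not from the article). A site owner fetches a page twice,
once with a normal browser User-Agent and once with a crawler User-Agent,
then compares the links. Links that exist only in the crawler rendering
are a strong sign of hidden, injected content.
"""
from html.parser import HTMLParser
from typing import Set


class LinkCollector(HTMLParser):
    """Collect the href target of every <a> element in a document."""

    def __init__(self) -> None:
        super().__init__()
        self.links: Set[str] = set()

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.add(value.strip())


def extract_links(html: str) -> Set[str]:
    """Return the set of link targets found in an HTML string."""
    parser = LinkCollector()
    parser.feed(html)
    return parser.links


def crawler_only_links(browser_html: str, crawler_html: str) -> Set[str]:
    """Links served to the crawler that an ordinary visitor never sees."""
    return extract_links(crawler_html) - extract_links(browser_html)


# Constructed sample: the page as served to a normal browser ...
BROWSER_VIEW = """<html><body>
<h1>Joe's Bakery</h1>
<p>Order <a href="/menu.html">from the menu</a> or
<a href="http://example.org/partner">visit our partner</a>.</p>
</body></html>"""

# ... and as served to a crawler, with hidden links inserted for the host's
# own benefit (the terms mirror those named in the article).
CRAWLER_VIEW = BROWSER_VIEW.replace(
    "</body>",
    '<div style="display:none">'
    '<a href="http://hosting.example/">Web Hosting</a>'
    '<a href="http://hosting.example/dedicated">Dedicated Servers</a>'
    '<a href="http://hosting.example/domains">Domain Names</a>'
    "</div></body>",
)

if __name__ == "__main__":
    for link in sorted(crawler_only_links(BROWSER_VIEW, CRAWLER_VIEW)):
        print("served to crawler only:", link)
```

In practice the two inputs come from two HTTP requests to the same URL that differ only in the `User-Agent` header; comparing link sets rather than raw bytes keeps the check from flagging harmless differences such as timestamps or session tokens.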
It is a moot point whether the first Web era began with the announcement of the general availability of Tim Berners-Lee's initial code; with Mosaic, the first popular browser; or with Netscape Navigator, its commercial offspring and nemesis. But the Web only turned from an exciting technology into a mass medium once directories like Galaxy and Yahoo, and early search engines such as Lycos, the World Wide Web Worm and Webcrawler, provided ordinary users with something just as important as the browser, and complementing it: a way to find things.
Subsequent developments in the navigational field were largely a matter of scaling-up. Those around at the time will probably remember the excitement in early 1996 when Digital's Altavista first appeared offering an unprecedented full-text search of no less than 16 million Web pages. The culmination of what might be called Web Search 1.0 was, of course, Google. Forget about the fancy algorithms: what really counted was the fact that it was just so much bigger than anything that had gone before.
Today, though, sheer size is not enough. It has been claimed that Google employs 100,000 computers for its search platform - making it the biggest and highest-profile deployment of GNU/Linux in the world. But its store of 4 billion pages is only 20 times the current number on the upstart search engine Gigablast, which runs on just eight servers, and which ultimately aims to index 5 billion pages.
Subject: "Osama Bin Laden Captured", Message text: "Hey, Just got this from CNN, Osama Bin Laden has been captured! Go to the link below to view the pics and to download the video if you so wish: (Internet address) "Murderous coward he is." God bless America!" The URL takes the user to a page that contains code for a .chm (Compiled HTML Help) file that is auto-executed by Internet Explorer, and in turn downloads an executable trojan. Panda identifies the trojan as small.b, a family of trojans known to leave ports open so the compromised machine can be used for spam and other pass-through activity.
The code published Wednesday by The Hackers Choice web site has already been downloaded more than 2,200 times. "This particular exploit, now that it's moved to root access, has a very high likelihood of someone writing a new worm (or as the current trend is, patch one of the current worms or bots) to take advantage of this one," the SANS Institute warned. "Be sure to install the MS04-011 Security Update or be prepared to rebuild the IIS server later."
March saw a substantial increase in attacks on Citibank, which was the target in 98 scams, up from 58 in March. eBay properties remained the top target for phishers, with 110 attacks targeting its eBay auction site, while another 63 targeted its PayPal payment subsidiary. Fleet Bank seems to have moved onto phishers' radar as well, being targeted by 23 attacks in March, up from just two in January. Britain's Barclays (11), America Online (10) and Australia's WestPac (10) were among other favored targets.
Only the math had changed. But the emergence of a workable exploit for an old TCP security hole prompted a secret initiative to fix the Internet, giving network operators a week to secure vulnerable routers. The clandestine repair effort livened an already intense period for security pros already juggling a bevy of Windows security patches.
The TCP issue publicized yesterday was publicly known as early as 1998. It allows an attacker to reset an existing TCP session using specially crafted TCP packets. Most TCP sessions are short-lived, so the vulnerability has little impact, but certain critical protocols, such as Border Gateway Protocol (BGP), depend on long-lived sessions. The weakness, which affects widely-used Cisco and Juniper routers, can be addressed by using MD5 authentication to secure BGP sessions, a step most ISPs had never taken because an exploit seemed mathematically implausible.
Paul Watson came up with a more efficient way of exploiting the vulnerability, making the attack much faster, particularly for attackers controlling "bot networks" of compromised machines. The clock began ticking March 14, when Watson announced plans to present a paper on "specific security problems in the TCP protocol" at the CanSecWest conference on April 21.
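The "math" the item refers to is how a receiver decides whether a reset segment belongs to a connection. The model below is an added illustration, not code from the article or from Watson's paper: it implements the original RFC 793 acceptability check (a RST is honoured if its sequence number falls anywhere inside the receive window), contrasts it with a hardened receiver that only honours a RST matching the next expected sequence number exactly (the approach later standardised in RFC 5961), and shows how the size of the window sets the fraction of the 32-bit sequence space that a blind segment has to land in. The sequence numbers and window sizes used are constructed sample values.

```python
"""Why the TCP reset issue depends on window size (added illustration).

Not code from the article. Models the receiver-side acceptance rule for a
RST segment on an established connection and the amount of the 32-bit
sequence space a single blind segment can cover.
"""

SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 acceptability check: RCV.NXT <= seq < RCV.NXT + RCV.WND.

    The subtraction is taken modulo the sequence space so the check still
    works when the window straddles the 2**32 wraparound.
    """
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def rst_accepted(seq: int, rcv_nxt: int, rcv_wnd: int,
                 exact_only: bool = False) -> bool:
    """Would a RST with sequence number `seq` tear the connection down?

    exact_only=False: original in-window rule (any seq inside the window).
    exact_only=True:  hardened rule, RST only honoured when seq == RCV.NXT
                      (the behaviour RFC 5961 later standardised).
    """
    if exact_only:
        return seq == rcv_nxt
    return in_window(seq, rcv_nxt, rcv_wnd)


def sequence_guesses_needed(rcv_wnd: int) -> int:
    """Number of evenly spaced segments that together cover the whole
    sequence space when each one is accepted anywhere within `rcv_wnd`
    bytes: ceil(2**32 / rcv_wnd). With rcv_wnd == 1 (exact match) this is
    the full 2**32; a 64 KB window shrinks it by a factor of 65535.
    """
    return -(-SEQ_SPACE // rcv_wnd)  # ceiling division on integers


if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 1_000_000, 65_535          # constructed state
    probe = rcv_nxt + 40_000                      # constructed RST seq
    print("in-window rule accepts:", rst_accepted(probe, rcv_nxt, rcv_wnd))
    print("exact-match rule accepts:",
          rst_accepted(probe, rcv_nxt, rcv_wnd, exact_only=True))
    for wnd in (1, 16_384, 65_535):
        print(f"window {wnd:>6} bytes -> "
              f"{sequence_guesses_needed(wnd):>10} segments to cover space")
```

The point for an operator is that long-lived sessions such as BGP sit with large windows for a long time, which is why adding TCP MD5 authentication to those sessions (so a segment without the right signature is dropped before any sequence check) removes the exposure regardless of window size.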
Working exploits have been released for a Windows SSL vulnerability which leaves servers open to a denial of service (DoS). Code for the exploit, known as SSL Bomb, was released last Wednesday, just a day after the vulnerability was described in Microsoft's recent security updates. Malformed SSL packets can force Windows 2000 and Windows XP machines to stop accepting SSL connections, and cause Windows Server 2003 to reboot.
Although this flaw is only a DoS weakness, servers with this bug will also be at risk of the other vulnerabilities addressed in the same update. Several of these vulnerabilities can be used to compromise servers, and "exploits with remote code execution may be expected soon," according to the SANS Institute, which is publishing detection signatures for the evolving exploit code. Microsoft says the vulnerability exists on any unpatched system that uses SSL, including Internet Information Server (versions 4.0, 5.0 and 5.1), Exchange Server (5.5, 2000 and 2003) and SQL Server 2000.
Phishing trojans are typically auto-downloaded from a bogus web page, and secretly log keystrokes as the victim visits an online banking site. Barclays uses a two-step login that includes a secret word as well as the usual username and password. After the initial login screen, a second page presents a pair of drop-down boxes in which bank customers must select letters from their secret word. Because the secret word is never typed on the keyboard, trojans are unable to capture all the information needed to access the Barclays account.
The "Purchase confirmation" trojan, documented at Codefish Spamwatch, has evolved its multi-faceted attack to address this obstacle.
"2Checkout continues to fight an extortion based ('Pay us or else we will continue to attack') DDOS attack," the company said earlier this week. "We apologize for any service interruptions. Rest assured that our full staff in addition to some consultants are working relentlessly in conjunction with our providers to combat and minimize any effects of the attack."
Will Monday, 5 April 2004, be celebrated as the day Microsoft began turning into an open source company?
At first sight, the Windows Installer XML (WiX) toolset released then is just the latest piece of software distributed under Microsoft's Shared Source Initiative. This is the company's increasingly complex attempt to steal some of open source's thunder by offering classes of users degrees of access to the underlying code - mostly to look at, but in certain circumstances to touch, too.
Microsoft's nervousness about letting others see its source can be judged by the plethora of different licensing schemes now available. It is also reflected in the low-key description of the "WiX Shared Source Licensing Program". It is only when you follow the link to the SourceForge page where the project is hosted that you discover that WiX is being released under a licence that is fully approved by the Open Source Initiative. In other words, WiX is Microsoft's first open source code.
The service is struggling for availability at a crucial moment of need for Windows users. Microsoft yesterday released four security updates, including three critical patches that Microsoft urged customers to install immediately. They include a patch for an SSL vulnerability that leaves Windows 2000 and NT4 SSL sites open to remote compromise. The current sluggish performance of Windows Update is a particular challenge for Windows users on dial-up Internet connections, as the Windows XP download is 3 megabytes.
"After the release of yesterday's security updates, the number of requests to Windows Update was double the usual volume," said a Microsoft spokesperson. "The slowdowns didn't last very long. We've added some system resources to support Windows Update, and are not seeing much trouble anymore."
This morning the DNS for windowsupdate.microsoft.com was being managed by Savvis Communications though its Digital Island content distribution network (CDN). CDNs help manage Internet traffic (including DDoS attacks) by using large, geographically distributed networks of servers to move files closer to the end user. Microsoft used a CDN service from Akamai to keep its web site online last August, when the Blaster worm programmed machines to launch a DDoS on the Windows Update site. Microsoft's strategy drew considerable attention, as the front page of the www.microsoft.com site was served by Linux machines on Akamai's network. Today Savvis was using Windows Server 2003 to manage the Windows Update traffic. This evening the site is being served from a netblock assigned to Hotmail, Microsoft's e-mail service.
The vulnerability was revealed Tuesday by Internet Security Systems, which warned that "hackers will aggressively target this vulnerability given the high-value nature of Web sites protected by SSL," which secures web sites for online banking, stock trading and retailing. Microsoft issued a critical security update Wednesday to address the vulnerability, which allows a buffer overflow in Private Communications Transport (PCT) packets. "An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft said in its advisory, adding that "only systems that have SSL enabled" are vulnerable. SSL is the only commonly used protocol for encrypted transactions of financially important or confidential information on the Web.
More than 132,000 web-facing SSL servers are running either Windows 2000 or Windows NT4, according to our March Secure Server Survey, representing nearly 45 percent of all SSL servers. The PCT and SSL 2.0 protocols targeted by the exploit are enabled by default in Win2K and NT4.
Go Daddy and eNom may be benefiting from speculative purchases amid growing awareness of improvements in the domain resale market. The planned sale of whitehouse.com (a porn site often confused with whitehouse.gov) gained widespread media notice in the U.S. last month, with many stories noting the sale of men.com for $1.3 million in December. In the first quarter of 2004, at least 24 domains changed hands for $25,000 or more at auction, according to domain industry observers.
Discount-hungry domain purchasers have a new business model to consider, as Go Daddy rolled out Blue Razor Domains, a "membership discount club" where users pay an annual membership fee to obtain deeper discounts than those available through Go Daddy or its Wild West Domains reseller program. Blue Razor, an accredited ICANN registrar, is targeting its offerings to bulk purchasers who actively track existing domains. The $19.95 annual membership fee provides only a tiny advantage on .com pricing ($6.85 versus Go Daddy's current $6.95 price) but more significant discounts on private registrations, monitoring and back-ordering.
Go Daddy president Bob Parsons said the model for Blue Razor is similar to that pursued by U.S. discount retailer Wal-Mart, which targets slightly different niches with its flagship Wal-Mart and Sam's Club, a "membership warehouse" program offering discounted bulk goods in a no-frills environment.
As the standard history from the Internet Society notes, the "key underlying technical idea" of the Internet was open architecture networking - the ability to link together completely different networking technologies provided they followed the appropriate protocols. The idea arose in the early days of networking research out of the need to find a way to allow packet radio links to interoperate with conventional landline connections, and eventually led to the drawing up of the fundamental TCP/IP that underpins the Internet.
The theoretical ability to access the Internet via radio links may go back to the Net's origins, but in practical terms progress since then has been slow. The two main second-generation (2G) wireless air interfaces - the way the information is encoded as a radio signal - employed by mobile phones, CDMA (Code Division Multiple Access) and GSM (Global System for Mobile communications), are hamstrung by very limited data transmission speeds.
During March, the site of Komplex, a leading German hosting company, went through the month without any failed requests. Apart from Komplex, which runs Linux, the Top 10 places were almost evenly split between FreeBSD and Windows, with five of the top 10 hosting company sites running FreeBSD, and four on Windows.
SCO filed its $1 billion action against IBM on 6 March 2003, alleging "misappropriation of trade secrets, tortious interference, unfair competition and breach of contract". The complaint states that "Prior to IBM’s involvement, Linux was the software equivalent of a bicycle. UNIX was the software equivalent of a luxury car." Since then, there have been numerous petitions, claims and counterclaims from both sides.
On March 1, EV1Servers became the first publicly identified company to have paid SCO to settle its disputed legal claims involving Linux. Our March data shows EV1Servers with a net gain of more than 28K hostnames on Linux, as calls for a boycott appear to have had little impact. About 37K hostnames moved from EV1Servers to other providers in the March tracking period - less than February's total of 44K and only slightly higher than the six-month average of 31K departures per month - while 32K hostnames migrated in from other providers.
In the April 2004 survey we received responses from 49,750,568 sites.
| Developer | March 2004 | Percent | April 2004 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 32280582 | 67.20 | 33329879 | 66.99 | -0.21 |
| Microsoft | 10099760 | 21.02 | 10691683 | 21.49 | 0.47 |
| SunONE | 1651575 | 3.44 | 1661229 | 3.34 | -0.10 |
| Zeus | 762716 | 1.59 | 763302 | 1.53 | -0.06 |
"This is one of the most sophisticated phishing attacks that we have yet detected," said Dave Jevans, chairman of the Anti-Phishing Working Group (APWG). "Because the fake Address bar remains installed even after you leave the phisher's site, there is a possibility that a phisher could use this technique to secretly track every web site that you visit."
The new technique targets Citibank, commencing with e-mails bearing the subject "Verify your E-mail with Citibank." The IP address for the spoofed page (http://69.56.202.82) is part of a block of addresses assigned to The Planet, a large hosting provider in Dallas, and was still active as of yesterday.