Users of Concurrent Versions System (CVS) software are being urged to patch their systems against an exploit used to hack the project's web site. CVS is a source code maintenance system used by many open source development projects, raising the prospect that the exploit may be used to spread compromised code to developers and end-users who download files from hacked servers.
That risk prompted an alert Friday from US-CERT, the agency coordinating U.S. cybersecurity awareness. The vulnerability in CVS, which allows a buffer overflow, was discovered May 2 by Stefan Esser of e-matters and made public, along with a patch, on May 19. While technically a "local" security hole that can only be exploited by authenticated users, most public CVS servers allow anonymous logins over the Internet. e-matters also identified a security hole in Subversion, a successor to CVS.
The report is based on advanced network simulations by George Mason's Infrastructure Mapping Project. While it focuses on proprietary monopolies held by Microsoft on the desktop and Cisco in the router market, the study also suggests the growing importance of the security of open source products.
The findings contrast with those of a paper released last year by the Computer & Communications Industry Association, Cyberinsecurity: The Cost of Monopoly, which warned that "the identicality and flaw density in the Microsoft Windows monoculture present clear dangers to national security." The paper stirred controversy when one of its authors, Dan Geer, was fired as CTO of @stake, which does business with Microsoft.
"This budget significantly changes the funding model of ICANN, and threatens the existence of a large number of registrars," according to Bhavin Turakhia of Directi, a registrar based in India, who has launched a website protesting the proposed fee changes. "The current budget favors larger registrars and will actually put the smaller and mid-sized ones out of business."
Turakhia represents a group of 26 smaller registrars, who say the new fee structure also hurts international registrars' ability to compete against companies in America, which is home to the industry's largest players. Those larger domain sellers aren't thrilled, either. The new fee structure would likely mean annual fee increases of $536,000 for Network Solutions, $273,000 for Tucows and $253,000 for GoDaddy, according to ICANN's Kurt Pritz.
Given the current competition among discount domain sellers, it appears unlikely that the new fees will lead to higher costs for consumers. 1&1 Internet remains the pricing leader at $5.99 for a one-year dot-com signup, while AIT Domains lowered its price to $6.95. Going the other direction was GoDaddy, which raised its fees to $8.95, the high end of a range in which its prices have fluctuated from month-to-month.
"This marks a huge increase in the volume of phishing attacks," the APWG noted in its monthly report. The April total marks a 4,000 percent increase from November, when just 28 campaigns were reported.
A statement on Akamai's customer site said the company "is aware of a service interruption earlier today affecting content delivery. We have identified the root cause and have implemented the fix. Issues retrieving content should be decreasing or resolved." The language hints at a technical problem rather than a distributed denial of service (DDoS) attack, which had been the focus of early speculation. The size of Akamai's network - reports range from 12,000 to 15,000 servers - would seem to make such an attack unlikely.
Everyone has encountered the problem, which manifests itself as the dreaded "404 page not found" message. The trouble is that changes in site design, file directories and domain names can easily make a URL obsolete, with no means of automatically redirecting to the new Internet location (where it exists). What is needed is a standard way of permanently naming a digital resource similar to that provided by the International Standard Book Number (ISBN) for analogue books.
The solution is to move from URLs to URNs: Uniform Resource Names. The important thing about URNs is that they do not point directly to an Internet resource, but are rather a placeholder for the location and other metadata. This means that the URN does not need to change if the URL does: it is enough to update the redirection.
URNs sound great in theory. Unfortunately, progress towards realising them has been slow. One attempt to address what is sometimes called linkrot is the use of PURLs: Persistent URLs. This employs redirection to solve the problem of changes in directory structure, but is basically an adaptation of the URL. More thoroughgoing in its attempt to create full URNs is the Handle system.
This was devised by Robert Kahn, co-inventor of the TCP/IP protocols, and currently President of the Corporation for National Research Initiatives (CNRI). The CNRI site has plenty of information on handles, including a FAQ, articles, papers, full documentation and three related RFCs (3650, 3651, 3652). CNRI also runs a free public handle service for those who wish to try out the system before installing the free server software locally. There is also client software that lets Windows browsers resolve handles directly, and some examples of what handles look like in practice.
"This is a broad subpoena that effectively asks for every single document about the GPL and enforcement of the GPL since 1999," Bradley Kuhn said in the FSF's statement. "They also demand every document and email that we have exchanged with Linus Torvalds, IBM, and other players in the community. In many cases, they are asking for information that is confidential communication between us and our lawyers, or between us and our contributors."
Microsoft has started a new campaign to attract customers to Windows Server 2003 called TryIIS. The campaign is supported by a web site, www.TryIIS.com, which was launched last Monday with marketing material, evaluations and case studies.
Windows Server 2003 was launched just over a year ago and has seen some strong growth over that time. In the May Netcraft Web Server Survey 2.1M hostnames were identified on Windows Server 2003, with a gain of 390K hostnames since April 2004. Around 50% of these are new sites, while just under 100,000 have migrated from Linux.
Comparing Windows Server 2003 with Windows 2000 shows the two to have quite similar adoption rates, as shown in the graph below:
But the new center, which will be able to hold 12,000 servers, isn't large enough to solve The Planet's long-term needs. At the company's current growth rate, the new site will likely be filled within nine months, according to chief operating officer Lance Crosby.
"We continue to scour Dallas and other major market locations for prime data center space," said Crosby. "This facility is about half the space of our primary location, so it's a short-term solution, but we anticipate closing on another new deal in about 90 days."
The Planet has added more than 165,000 hostnames in 2004, growing from 123K to 289K. The number of active sites hosted by The Planet has quadrupled in the past eight months:
The RIAA site was offline from March 17-24 due to the effects of MyDoom.F, which at its height was estimated to have infected as many as 45,000 machines, according to antivirus vendors.

A dynamically updating graph of the sites targeted for DDoS by various MyDoom variants is available here.
Google's relaunch of Blogger was hailed as a welcome update of what was once the biggest blogging service. But Six Apart's launch of Movable Type 3.0 turned into a public relations fiasco, as a new licensing structure quickly eroded the goodwill - and perhaps the user base - for the popular publishing tool.
The company has released updates to fix the security holes, discovered by eEye Digital Security. Secunia termed the flaw extremely critical because of the large installed base for the affected Norton Internet Security and Norton Personal Firewall products and the potential for the flaw to be exploited by an auto-propagating worm.
Despite the ease of repair (Symantec users can simply run the products' LiveUpdate auto-update feature), vendors expressed concern about the similarity to the mid-March revelation of a vulnerability in ISS' Black Ice products, which was exploited barely a day later by the Witty worm. That incident raised alarms about "zero day exploits" - attacks published the same day a security hole becomes public, leaving no time for network administrators to repair vulnerable systems.
A few weeks ago I wrote - a little unfairly, perhaps - that blogs were "little more than personal Web pages". Of course, one of the reasons some blogs are interesting is that they can be much more than that, providing an alternative kind of online journalism that is often better informed and far more topical than traditional publications. Moreover, the usefulness of such blogs is increased enormously when news items are syndicated - made available as a feed that can be accessed on a regular basis and displayed automatically on a subscriber's machine. By aggregating many syndicated feeds it is possible to create a powerful form of constantly-updated, personalised information.
Like the basic blog format, syndication is not new. Its roots go back to one of the most discredited ideas of the early dot-com days: push technology. Instead of visiting a Web site, information was sent - pushed - to clients as a "Webcast". Unfortunately, the result was something horribly close to television, complete with intrusive advertising. Worse, the model employed by push pioneers like Pointcast meant that corporate intranets were soon clogged with the constant and redundant transmissions of multimedia content.
Codefish operator Daniel McNamara has spent the past week defending against the attacks. "As far as we can tell the site has not been compromised as yet," McNamara wrote Sunday, saying the hack attempts were "heavy and consistent" and included "multiple cross-site scripting attacks as well as SQL injection attempts."
Authorize-It, a Kentucky firm processing online credit card transactions, says it was knocked offline for a week by a DDoS extortion scheme. The attack occurred in mid-April, roughly the same time another online card processor, 2Checkout, was also hobbled by a DDoS blackmail plot. Both 2Checkout and Authorize-It serve the small business e-commerce market.
As a previous column noted, Google represents the culmination of the first Web search engine era. Its rise was due in part to a reaction against the portals and their increasingly baroque attempts to shoe-horn links to huge chunks of the Net into a single Web page. Google is simultaneously the ultimate portal and an anti-portal, with a studiedly minimalist home page (even if the logo varies).
Google has entered the language, the souls and the bookmarks of the world - probably most regular users of the Internet have made Google their browser's start page. Already an essential part of our Zeitgeist, the question is: What new Google will emerge in the wake of its IPO later this year?
But that huge block of hostnames doesn't equate to nearly that many accounts. Over 161K of those hostnames belong to Fabulous.com, and 60K to Domain Active. At the time of auction, C&W's 1,00 hosting customers included General Electric, Starbucks, Office Max, CBS Sportsline and Slashdot.
Q. It's been a year of big gains for Apache, which now runs more than two-thirds of the sites on the Web, according to the Netcraft Web Server Survey, erasing inroads by Microsoft during 2001. What's your take on Apache's continuing gains?
A. I could speculate all day long as to why it's continued to grow, and I'd love to see a real survey done on it. Anecdotally, my take is that I imagine most of the growth continues to be either with the small mom-n-pop companies, or web hosting ISPs, or internationally - all places where price sensitivity is high, where the economic downturn is still causing budgets to be hurt, and there's willingness to consider an Open Source approach to solving a given problem. No doubt the security holes in IIS have continued to plague its reputation, and while there have been some noticed recently (and fixed) in Apache, they have been much less serious. Finally, I imagine the rise of related Apache projects, like the continued rise in use of mod_perl and Tomcat and our friends over at PHP, have only increased the confidence in using the web server for mission-critical situations.
Q. What's your take on the long-term impact of the SCO lawsuits? What changes - positive and negative - do you see it producing for Linux and the open source community?
A. I'm assuming that thanks to the BayStar callback that this lawsuit is nearly dead. Of course SCO could sue their own financial backers and prolong this further, but it feels like we're seeing the beginning of the end. But while it was alive, it did a lot for Open Source in some unexpected ways. The community at large had taken a largely see-no-evil, hear-no-evil approach to issues around IP ownership, clearance of rights, that sort of thing, except for a few organizations like the FSF and the Apache Software Foundation who actually put effort into collecting license agreements from contributors. Now, developers are more aware than ever that getting a clean history for code matters a great deal.
Four days after Sasser's release, it appears the limited effectiveness of the initial version was likely due to its coding, rather than improved patching of Windows products. Infections grew as new variants were released Sunday and Monday. With Sasser now at version D, media have identified numerous organizations reporting compromised systems, including American Express, Goldman Sachs, Australia's Westpac Bank, Finnish financial company Sampo and British Coast Guard stations. Microsoft reports that 1.5 million users downloaded its cleanup tool via Windows Update, explaining that site's slow performance Monday.
During April, Jumpline, a hosting company which specialises in Virtual Private Server [VPS] solutions, was the most reliable of the hosting company sites we monitor. Second placed was Energis, the UK telco and high end hosting provider, and third was Komplex, the German hosting company which was top during March.
Notably, this month five of the top ten sites were running Linux. This is the first time since the performance analysis of hosting company sites started that Linux has been the leading operating system for site reliability. Until now FreeBSD had without exception been the most common operating system amongst the top ten each month. This month, however, the top ten comprises five sites running Linux, three running FreeBSD and one each running OpenBSD and Windows: Energis runs Windows and Secure Dog runs OpenBSD.
The rise of phishing has followed a trajectory that is remarkably similar to that of spam. Just as spam originally referred to flooding Usenet newsgroups, rather than email inboxes, so the practice of phishing seems to have started on AOL's online service, rather than on the Internet. Like spam, phishing in the early days was a relatively rare annoyance, but has recently begun growing to epidemic proportions: phishing attacks jumped 43 percent in March 2004, with over 400 unique scams.
Spam makes only the flimsiest attempts to deceive, generally in the Subject line. Once opened, it is usually obvious that the message is a sales pitch. Spam's success is simply a question of mathematics: even if the vast majority of recipients block or delete the message, the huge volume of spam ensures that the absolute numbers of replies are sufficient to warrant the small expense of the spamming.
Phishing, by contrast, is all about subterfuge. Typically, the email purports to be from a well-known organisation: according to the Anti-Phishing Working Group, eBay is the current favourite, with Citibank and PayPal the next most popular choices. To succeed, the phishing email must be as plausible as possible, in order to trick the recipient into moving on to the next part of the scam by clicking on an enclosed URL. As a result, phishing email messages have been largely a question of social engineering.
The Windows Update site was slowed by heavy traffic last month following the release of four Microsoft security updates fixing critical holes in Windows software. Saturday's Sasser worm used one of those flaws, a buffer overflow in the LSASS Windows networking service, to compromise unpatched machines. It's not yet clear whether today's delays are due to increased patching by tardy network administrators, or some other cause. Microsoft said it addressed last month's performance problems by "adding resources to support Windows Update."

Dynamically updating performance charts for Windows Update are available here.
May was the 16th consecutive month of growth for the Web after a two-year shakeout to absorb the collapse of the dot-com and telecom industries. The upward trend resumed in February 2003, when we detected 35.8 million sites; about the same number as the Dec. 2001 survey.
The rebound in total sites tracks the recovery of the larger Internet economy, as viable companies and business models have emerged from the wreckage of the Internet bubble. Common to the Internet Economy 2.0 is a focus on efficiency and cost management that was largely absent during the boom years of 1998-2000. Recent months have seen reports of strong growth for online ad spending, paid subscription sites, online retail spending, and even modest revivals in venture capital investment and dot-com hiring. On the M&A front, TechDealmaker reported 35 Internet-related acquisitions for the week of April 22-28, valued at $1.5 billion. And, on Thursday Google announced its long-awaited stock offering, leading a pack of web companies readying IPOs.
The first Netcraft survey in August 1995 found 18,957 hosts. Previous milestones in the survey were reached in April 1997 (1 million sites), February 2000 (10 million), September 2000 (20 million) and July 2001 (30 million).
| Developer | April 2004 | Percent | May 2004 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 33329879 | 66.99 | 33892817 | 67.05 | 0.06 |
| Microsoft | 10691683 | 21.49 | 10858168 | 21.48 | -0.01 |
| SunONE | 1661229 | 3.34 | 1644412 | 3.25 | -0.09 |
| Zeus | 763302 | 1.53 | 754014 | 1.49 | -0.04 |
F-Secure reports that the new worm attacks through TCP port 445 (Windows networking), spreads itself through an FTP server on port 5554, and leaves port 9996 open for future exploits. Sasser has received a level 3 rating from Symantec, the middle of its five-point alert scale. Secunia also perceives Sasser as a medium threat, and The Internet Storm Center moved to yellow alert condition, but cautioned that "the exact impact is not clear at this point."
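The port behaviour F-Secure describes gives an administrator something concrete to check for on a suspect host. The following is an added example, not code from the original article or from any vendor: it scans `netstat -an` style output (a constructed sample is embedded) for listeners on TCP 5554 and 9996 and for a burst of half-open outbound connections to TCP 445. The scan threshold of 20 distinct hosts is an assumed value, not one the article gives.

```python
"""Flag the Sasser indicators described in the article in netstat-style output:
listeners on TCP 5554 (its FTP server) and TCP 9996 (left open for later use),
plus many outbound SYN_SENT connections to TCP 445 (its propagation scanning)."""
import re

# Ports the article (citing F-Secure) attributes to Sasser.
SASSER_LISTEN_PORTS = {5554: "Sasser FTP server", 9996: "port left open by Sasser"}
SCAN_PORT = 445
SCAN_THRESHOLD = 20  # assumed: distinct 445 targets in SYN_SENT before we flag scanning

# Matches the `netstat -an` line layout on Windows: proto, local, remote, state.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$")


def parse_netstat(text):
    """Yield (proto, local_ip, local_port, remote_ip, remote_port, state) per socket line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, column headers and blank lines
        proto, lip, lport, rip, rport, state = m.groups()
        yield proto, lip, int(lport), rip, (None if rport == "*" else int(rport)), state


def sasser_findings(text):
    """Return a list of human-readable findings; an empty list means nothing matched."""
    findings = []
    scan_targets = set()
    for proto, lip, lport, rip, rport, state in parse_netstat(text):
        if proto != "TCP":
            continue
        if state == "LISTENING" and lport in SASSER_LISTEN_PORTS:
            findings.append(f"listener on TCP {lport} ({SASSER_LISTEN_PORTS[lport]})")
        if state == "SYN_SENT" and rport == SCAN_PORT:
            scan_targets.add(rip)  # count distinct hosts, not connection attempts
    if len(scan_targets) >= SCAN_THRESHOLD:
        findings.append(f"outbound SYN_SENT to TCP 445 against {len(scan_targets)} distinct hosts")
    return findings


# Constructed sample output: ordinary Windows listeners plus the Sasser indicators.
SAMPLE = "\n".join(
    ["Active Connections", "",
     "  Proto  Local Address          Foreign Address        State",
     "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING",
     "  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING",
     "  TCP    0.0.0.0:5554           0.0.0.0:0              LISTENING",
     "  TCP    0.0.0.0:9996           0.0.0.0:0              LISTENING",
     "  UDP    0.0.0.0:137            *:*"]
    + [f"  TCP    192.0.2.10:{1100 + i}     198.51.100.{i}:445     SYN_SENT"
       for i in range(1, 26)]
)

if __name__ == "__main__":
    for finding in sasser_findings(SAMPLE):
        print("FINDING:", finding)
```

On a real host the input would be the captured output of `netstat -an`; a clean machine returns an empty list.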