Yahoo has slashed its domain name pricing to $4.98 a year through Dec. 31, continuing a pricing war among major hosting companies. The aggressive move comes just just four months after Yahoo dropped its price to $9.95 a year as part of a major push to expand its share of the shared hosting market.
The new pricing undercuts previous leader 1&1 Internet by nearly a dollar. While 1&1 operates its own ICANN-accredited registry, Yahoo continues to operate as a reseller for Melbourne IT, the Australian domain name registry that focuses on the wholesale market. While it's not known precisely what Yahoo is paying per domain, few registrars offer domains to resellers at prices below $6.50 per domain. Since it is likely selling at a loss, Yahoo has limited the offer to one domain per customer, preventing arbitrage-related bulk purchases by owners of large domain portfolios.
Yahoo's move may be a response to Interland, a major competitor in the small business hosting market, which last month lowered its domain name pricing to $7.95 a year, and was immediately rewarded with a one-month gain of 132K hostnames.
Retail Domain Name Prices, December 2004 Company One-year
Primary Business  Primary Region Yahoo $4.98 Shared Hosting America 1&1 Internet AG $5.99 Mixed Hosting Europe EV1Servers $6.49 Dedicated Hosting America Hostway $6.95 Shared Hosting America Sipence (eNom) $6.95 Domain Registrar America AIT Domains $6.95 Mixed Hosting America Interland $7.95 Mixed Hosting America Web.com $7.95 Mixed Hosting America Go Daddy Inc $8.95 Domain Registrar America Netcetera $9.89 Mixed Hosting Europe RegisterFly $9.99 Domain Registrar America Dotster $14.95 Domain Registrar America FastHosts/UKReg $17.00 Mixed Hosting Europe Pipex/123Reg $17.21 Mixed Hosting Europe Network Solutions $34.99 Domain Registrar America Register.com $35.00 Domain Registrar America
www.georgewbush.com switches to self-hosted FreeBSD server, www.sun.com upgrades to Solaris 9, not 10After www.georgewbush.com stepped away from the Akamai content management service on Nov 24, the site enjoyed a short-lived stay on a Windows 2000 server running Microsoft-IIS/5.0, hosted by the Republican National Committee. By Nov 30, the site had been moved to a FreeBSD server running Apache at BUSHCHENEY2004-65-172-163-128-255.
While response times have been improved since moving to FreeBSD, www.georgewbush.com is simply redirecting visitors to the Republican National Committee web site at www.gop.com; however, making an HTTP 1.0 request to www.georgewbush.com causes it to serve the "Test Page for Apache Installation" instead of instructing the browser to redirect to www.gop.com.
www.georgewbush.com continues to block access based on geographical location. A dynamically updating chart of site performance for www.georgewbush.com is available here
Another notable change was observed on Sun Microsystems’ web site at www.sun.com, which was upgraded from Solaris 8 to Solaris 9 on Nov 30. Sun's tardy approach to running the latest version of Solaris on www.sun.com - Solaris 10 was recently released - is in sharp contrast to Microsoft, who ran www.microsoft.com on Windows 2003 for months ahead of its launch.
Yesterday should have been a day for headlines about progress in the battle against phishing scams. Instead, the news was dominated by a new threat that drove home the need for vigilance on the anti-phishing frontier.
Seeking swifter action against fast-moving phishing scams, some of the Internet's best-known service providers announced plans to share phishing attack data with one another and law enforcement agencies through Digital Phishnet. But even as this anti-phishing dream tream was being unveiled, security researchers revealed a security hole that makes it easier for phishing operations to inject content into legitimate web sites.
Secunia documented a cross-browser security flaw that is likely to be rapidly adopted by phishing operations. The technique uses a specially-crafted link to a legitimate website, which then enables the scammer to place content into pop-up windows opened during the session - including data collection forms that spoof the design of the legitimate site.
Mac enthusiast sites hosted on Linux include MacDailyNews, MacWorld and MacCentral. Running on FreeBSD are MacintoshOS, MacMinute and the entire Mac News Network group of sites, including MacSurfer, Apple Insider, Mac Observer and the MacNN main site.
Only about 60K hostnames worldwide are currently hosted on the Mac OS, and just eight hosting firms house more than 1,000 Mac-based hostnames. The largest, with 4K hostnames, is Natel.net, an ISP in Fairfield, Iowa.(more...)
A facility in SunTrust Bank's www.suntrust.com web site is allowing fraudsters to inject their own code into the site to obtain SunTrust customer account authentication details, and at least one fraudster has exploited this error by sending large numbers of electronic mails purporting to be from SunTrust, asking the user to confirm their bank account on his form, executed from SunTrust's web site.
The phishing emails received by Netcraft contain the following HTML to create a hyperlink to the SunTrust web site:
Fraudsters have noticed opportunities in SunTrust's internet banking operations previously, and a similar attack was executed in September.
Careless application errors and inadequate testing are believed to be an industry wide problem for internet banking, and even though it would seem to the man in the street appalling that someone could run a fraud from a bank's own site, SunTrust competitors are unlikely to be strongly critical through fear of similar problems with their own facilities.
Netcraft has highlighted the threat of cross site scripting and script injection used for fraud, and provides a range of services for banks and other financial institutions to try and eliminate these kinds of errors from their systems, including comprehensive application testing and training for developers and designers of web based applications.
Lycos Europe says it is officially ending its MakeLoveNotSpam anti-spam campaign, saying the controversial campaign has accomplished its objectives. The company also said traffic from users of the MakeLoveNotSpam screensaver wasn't responsible for outages at two spammer sites targeted during the attacks.
"Lycos has decided to close down its Make Love, Not Spam website," said spokesperson Malte Pollmann. "The aim of the campaign was to ignite a debate about anti-spam measures. We feel that we have achieved this through our activity and will now continue that debate with others in the email industry. We hope that this will lead to further new and innovative solutions to the problem of spam."
The company also says a published list of sites affected by traffic from the screensaver represented "historic data" and not ongoing activity. Netcraft used the list as a guide in analyzing the screensaver's impact, monitoring three sites which Lycos cited as being hardest hit by its campaign. Our analysis found two of the three sites cited by MakeLoveNotSpam were not available, and attributed this status to traffic generated by the screensaver. Lycos Europe says its attacks on those particular sites had already ceased.(more...)