Fair Use: Please note that use of the Netcraft Blog is subject to our Fair Use and Copyright policies. For more information, please visit http://news.netcraft.com/fair-use-copyright, or email info@netcraft.com.

  1. Security: The Missing Ingredient in Buzz About RSS

    Microsoft's support for RSS (Real Simple Syndication) in its upcoming Longhorn operating system and Internet Explorer 7 browser promises to bring RSS to the masses. Friday's announcement at GnomeDex 2005 generated excitement about new uses for the technology, as well as caution in some quarters about Microsoft's introduction of extensions to RSS.

    But what about security? Microsoft's presentations discuss many new uses for RSS, but integrating RSS into the operating system will likely have hackers contemplating new scenarios as well. RSS is currently consumed through a wide variety of news readers, email clients, web sites and browsers. As RSS becomes a standard feature in IE7 and Longhorn, it may become more attractive to malware authors with an interest in delivering malicious code from the Internet onto RSS-enabled desktops.

    RSS is an XML format that is widely used to syndicate news from weblogs or news sites. RSS can include HTML tags and many types of content, such as the audio files included in "podcasting" feeds, the current rage among bloggers. The format's versatility also could allow malicious content to be included in feeds and executed by newsreaders or browsers. The possible use of RSS to deliver malware and spam was highlighted by Mark Pilgrim in 2003, and tools have since emerged to help check whether a particular newsreader is securely coded.

    (more...)

    Posted by Rich Miller on 25th June, 2005 in Security Share

  2. New Phishing Attacks Eliminate Need for Target Web Site

    New phishing attacks with data collection forms embedded directly in the electronic mails received by victims are inducing victims to send their financial details directly to the phishers via mail rather than through a specially constructed web site mimicking that of the financial institution.

    paypal-email-phish.png

    The HTML emails masquerade as a security check on a PayPal account, with the subject "Validate Your Informations by Email" (sic). The message asks recipients to fill in an HTML form, which includes fields for the user's credit card details, date of birth, Social Security number and mother's maiden name. "Completing all of the checklist items will automatically restore your account access," the email advises. Clicking on "Submit to Secure Server" mails the form's contents to a free email account at Yahoo, using a CGI script hosted by a Brazilian hosting reseller at The Planet.

    (more...)

    Posted by Rich Miller on 24th June, 2005 in Security Share

  3. Outages for LinuxWorld Web Site

    The web site for LinuxWorld magazine was offline for more than two hours yesterday, the latest in a series of performance problems over the last month. While many of the outages have been brief, the sites for LinuxWorld and its parent company, tech publisher Sys-Con Media, were down for more than 12 hours on June 12.

    Linux World web site performance

    A dynamically updating chart of the availability of linuxworld.com is available here.

    (more...)

    Posted by Rich Miller on 23rd June, 2005 in Performance Share

  4. eBay Enters Hosting As Tool to Retain Power Sellers

    eBay has expanded into web hosting in a bid to retain power sellers, who increasingly are looking to expand beyond the borders of eBay's massive online marketplace. The auction giant's new ProStores service offers e-commerce hosting accounts ranging from $6.95 to $249 a month, letting merchants choose from a wide variety of features.

    eBay watchers had been anticipating its move into hosting since the company's January acquisition of Kurant, a developer of e-commerce systems. eBay is using Kurant software to allow sellers to link web sites hosted at third-party providers with eBay's sales databases. "This enables an eBay seller to say 'I'd also like to have an outward-facing web site with the same back end," eBay CEO Meg Whitman said in a May 25 presentation at a Goldman Sachs conference. "You can push the same products to either store. I think it gives our sellers the ability to have a web-based storefront, in addition to an eBay storefront."

    (more...)

    Posted by Rich Miller on 22nd June, 2005 in Hosting Share

  5. Yahoo Domains: $9.95 or $4.98?

    Is Yahoo selling domains for $9.95 or $4.98? That may depend on how and when you navigate to its domain sales page, as Yahoo offers periodic promotions to build interest in its web hosting offerings. On Tuesday, the yahoo.com home page featured domains for $4.98, while ads appearing on Google.com for Yahoo domains were also offering the $4.98 rate. Meanwhile, the smallbusiness.yahoo.com page was listing .com domains for $9.95 a year.

    "Yahoo's standard domain price is $9.95, which is offered on our web site and channel wide 24x7," said Yahoo spokesperson Kelley Podboy. "From time to time, we use promotional pricing (e.g. $4.98) to build awareness of our services and reach new business customers in promotional channels, like Yahoo.com, where we run one-day ads several times a month. Due to the limited nature of this advertising, we hope that visitors respond right away. If they don't, they may pay our standard $9.95 price."

    Yahoo isn't the only provider offering targeted discounts, as 1&1 Internet features regional pricing differences on .com domains (which are $5.99 on 1&1's U.S. site and 8.89 pounds, or $16.21, at its UK site)

    Retail Domain Name Prices, June 2005
    Company One-year
    .com price    		 &nbspPrimary Business&nbsp Primary Region
    Netfirms $4.95 Shared Hosting America
    1&1 Internet AG $5.99 Mixed Hosting Europe
    Hostway $6.95 Shared Hosting America
    Interland $7.95 Mixed Hosting America
    Web.com $7.95 Mixed Hosting America
    AIT Domains $7.99 Mixed Hosting America
    Stargate $8.49 Shared Hosting America
    Go Daddy Inc $9.20 Domain Registrar America
    Yahoo $9.95 Shared Hosting America
    Verio $9.95 Mixed Hosting America
    RegisterFly $9.99 Domain Registrar America
    Netcetera $12.78 Mixed Hosting Europe
    Dotster $14.95 Domain Registrar America
    FastHosts/UKReg $16.24 Mixed Hosting Europe
    Pipex/123Reg $16.42 Mixed Hosting Europe
    eNom $29.95 Domain Registrar America
    Register.com $30.00 Domain Registrar America
    Network Solutions $34.99 Domain Registrar America
    (more...)

    Posted by Rich Miller on 21st June, 2005 in Domains Share

  6. Lax Security Cited in Massive Credit Card Data Theft

    Inadequate security at credit card processor CardSystems Solutions Inc. is being blamed for a break-in that has exposed more than 40 million credit card accounts to potential theft. The company says the system compromise was discovered May 22, after a MasterCard inquiry into a wave of fradulent transactions.

    MasterCard International said it "worked with CardSystems to remediate the security vulnerabilities in the processor's systems. These vulnerabilities allowed an unauthorized individual to infiltrate their network and access the cardholder data." Officials at affected institutions were not specifying the vulnerability and exploit used to breach CardSystems' security. The CardSystems web site runs on the Windows 2000 operating system and Microsoft IIS Server 5.0.

    CardSystems, which processes more than $15 billion in transactions a year for 105,000 small businesses, said it "immediately began a remediation process to ensure all systems were secure," the company said in a statement. "Additionally, CardSystems immediately engaged an independent 3rd party to validate systems security."

    (more...)

    Posted by Rich Miller on 18th June, 2005 in Security Share

Page 1 of 3123