Microsoft's support for RSS (Really Simple Syndication) in its upcoming Longhorn operating system and Internet Explorer 7 browser promises to bring RSS to the masses. Friday's announcement at GnomeDex 2005 generated excitement about new uses for the technology, as well as caution in some quarters about Microsoft's introduction of extensions to RSS.
But what about security? Microsoft's presentations discuss many new uses for RSS, but integrating RSS into the operating system will likely have hackers contemplating new scenarios as well. RSS is currently consumed through a wide variety of news readers, email clients, web sites and browsers. As RSS becomes a standard feature in IE7 and Longhorn, it may become more attractive to malware authors with an interest in delivering malicious code from the Internet onto RSS-enabled desktops.
RSS is an XML format that is widely used to syndicate news from weblogs or news sites. RSS can include HTML tags and many types of content, such as the audio files included in "podcasting" feeds, the current rage among bloggers. The format's versatility also could allow malicious content to be included in feeds and executed by newsreaders or browsers. The possible use of RSS to deliver malware and spam was highlighted by Mark Pilgrim in 2003, and tools have since emerged to help check whether a particular newsreader is securely coded.
New phishing attacks embed data collection forms directly in the emails received by victims, inducing them to send their financial details directly to the phishers by email rather than through a specially constructed web site mimicking that of the financial institution.
The HTML emails masquerade as a security check on a PayPal account, with the subject "Validate Your Informations by Email" (sic). The message asks recipients to fill in an HTML form, which includes fields for the user's credit card details, date of birth, Social Security number and mother's maiden name. "Completing all of the checklist items will automatically restore your account access," the email advises. Clicking on "Submit to Secure Server" mails the form's contents to a free email account at Yahoo, using a CGI script hosted by a Brazilian hosting reseller at The Planet.
The web site for LinuxWorld magazine was offline for more than two hours yesterday, the latest in a series of performance problems over the last month. While many of the outages have been brief, the sites for LinuxWorld and its parent company, tech publisher Sys-Con Media, were down for more than 12 hours on June 12.
A dynamically updating chart of the availability of linuxworld.com is available here.
eBay has expanded into web hosting in a bid to retain power sellers, who increasingly are looking to expand beyond the borders of eBay's massive online marketplace. The auction giant's new ProStores service offers e-commerce hosting accounts ranging from $6.95 to $249 a month, letting merchants choose from a wide variety of features.
eBay watchers had been anticipating its move into hosting since the company's January acquisition of Kurant, a developer of e-commerce systems. eBay is using Kurant software to allow sellers to link web sites hosted at third-party providers with eBay's sales databases. "This enables an eBay seller to say 'I'd also like to have an outward-facing web site with the same back end,'" eBay CEO Meg Whitman said in a May 25 presentation at a Goldman Sachs conference. "You can push the same products to either store. I think it gives our sellers the ability to have a web-based storefront, in addition to an eBay storefront."
Is Yahoo selling domains for $9.95 or $4.98? That may depend on how and when you navigate to its domain sales page, as Yahoo offers periodic promotions to build interest in its web hosting offerings. On Tuesday, the yahoo.com home page featured domains for $4.98, while ads appearing on Google.com for Yahoo domains were also offering the $4.98 rate. Meanwhile, the smallbusiness.yahoo.com page was listing .com domains for $9.95 a year.
"Yahoo's standard domain price is $9.95, which is offered on our web site and channel wide 24x7," said Yahoo spokesperson Kelley Podboy. "From time to time, we use promotional pricing (e.g. $4.98) to build awareness of our services and reach new business customers in promotional channels, like Yahoo.com, where we run one-day ads several times a month. Due to the limited nature of this advertising, we hope that visitors respond right away. If they don't, they may pay our standard $9.95 price."
Yahoo isn't the only provider offering targeted discounts, as 1&1 Internet features regional pricing differences on .com domains (which are $5.99 on 1&1's U.S. site and 8.89 pounds, or $16.21, at its UK site).
Inadequate security at credit card processor CardSystems Solutions Inc. is being blamed for a break-in that has exposed more than 40 million credit card accounts to potential theft. The company says the system compromise was discovered May 22, after a MasterCard inquiry into a wave of fraudulent transactions.
MasterCard International said it "worked with CardSystems to remediate the security vulnerabilities in the processor's systems. These vulnerabilities allowed an unauthorized individual to infiltrate their network and access the cardholder data." Officials at affected institutions were not specifying the vulnerability and exploit used to breach CardSystems' security. The CardSystems web site runs on the Windows 2000 operating system and Microsoft IIS Server 5.0.
CardSystems, which processes more than $15 billion in transactions a year for 105,000 small businesses, "immediately began a remediation process to ensure all systems were secure," the company said in a statement. "Additionally, CardSystems immediately engaged an independent 3rd party to validate systems security."
After years of explosive growth in customers and hosted sites, EV1Servers is now focusing on growth in its profit margins. After launching the discount dedicated server craze with $99 a month pricing, CEO Robert Marsh says EV1Servers wants to win long-term customers, rather than price wars.
"Price produced numbers, but service produced profits," said Marsh. In September, EV1Servers expanded its offerings to include virtual private servers (VPS), storage solutions and managed services. Most importantly, it began selling fewer servers at higher prices. The company's hottest sellers are no longer $99 boxes but Intel dual Xeon servers selling for $399 to $499 apiece. "They sell out almost as soon as they are available," said EV1's Isabel Wang.
EV1Servers began life as Rackshack, growing from 200,000 hostnames in early 2003 to more than 1 million this month. That rapid growth has meant heavy investment, including the expansion of one data center, the purchase of a second facility, and the cost of adding more than 10,000 web-visible servers between September 2002 and April 2004. While EV1Servers has added fewer servers over the past year, growth in hostnames and active sites has continued.
Adobe's PDF viewing software could expose sensitive information to remote attackers, and the company is urging users to either upgrade their software or turn off support for JavaScript in PDF files. The affected software includes Adobe Reader 7.0 and 7.0.1, and Adobe Acrobat 7.0 and 7.0.1 on both Windows and Mac.
"If an XML script is embedded in JavaScript, it is possible to discover the existence of local files," Adobe said in an advisory. "An attacker could then use the information gathered for malicious purposes. However the impact is minimized due to the fact that the existence of local files can only be discovered if the complete filenames and paths are known in advance by the attacker."
Hosting automation providers are targeting "converged services," positioning their software to help hosting providers sell new high-margin services to customers. Investors see promise in the trend, as indicated by today's announcement that three venture capital firms are investing in SW Soft.
SW Soft is one of the leading players in the market for automation tools, which allow hosting providers to use web-based control panels to place advanced site management tools in the hands of customers. More than 5,000 hosting firms are using SW Soft's software, according to President and CEO Serguei Beloussov. "The hosting automation industry is far from done," Beloussov said at last week's HostingCon conference. "Our products will grow and change over the next two years."
That change will be seen in a range of new services delivered through automation software, including margin-boosting add-ons for hosting companies who face shrinking profit margins on core hosting plans. "Traditional services are getting commoditized," said Sandip Gupta, president and CEO of Ensim, another automation provider. "The average revenue per user is decreasing. Margin is going down. You need to introduce new services. The outlook for converged hosted services has never looked better."
Fraudsters are aggressively attacking smaller financial institutions, casting a wider and deeper net as they expand their target list beyond the largest banks and online retailers. Within a 24-hour period early this week, the Netcraft Toolbar community reported attacks on six different regional US banks or credit unions, none of which had previously been targeted by phishing scams. This flurry was followed by attacks on several more fresh targets, including banks whose operations are limited to a single U.S. state.
The message to the financial community is clear: there is no security by obscurity when it comes to phishing. Institutions that have fancied themselves too small or too local to be a useful target for phishers may soon find themselves attacked. In recent weeks convincing spoofs have emerged mimicking the web sites of financial institutions with modest assets and customer counts. Many of these spoof sites operate from servers in Korea, Taiwan, China and the Far East, as well as U.S. hosts.
By spreading their attacks to a larger number of targets, fraudsters are increasing their chances of success. In some cases, smaller targets offer distinct advantages when it comes to launching phishing attacks. Credit unions are usually affiliated with a particular company, university or government agency, which allows fraudsters to target a defined set of e-mail addresses that are likely shared by all members. This can offer the fraudster the opportunity of achieving near blanket coverage amongst the institutions' customers, while decreasing the time required to send the mails, and thereby increasing the effectiveness of the attack.
Smaller financial institutions that have not yet implemented a plan for dealing with phishing attacks will need to act with some urgency, as they can reasonably expect to be targeted.
1&1 Internet has become the first hosting company with more than 5 million web-facing hostnames, while Go Daddy has surged past the 4 million mark in a month of milestones in our Hosting Provider Switching Analysis. Other hosts hitting major benchmarks this month included Yahoo and EV1Servers each surpassing 1 million hostnames.
1&1 Internet has been the largest host since the inception of our switching analysis in 2002, but Go Daddy is making up ground quickly, having added a million hostnames since January of this year. By comparison, 1&1 passed 4 million sites in July 2004, taking 11 months to add its next million hostnames.
Fraudsters are using bank mergers as an opportunity to craft customized phishing scams timed to transitions between the banks' online systems, hoping that customer awareness of mergers will bring more bites on "bait" emails.
Wachovia Bank issued a warning about phishing emails "designed to capitalize on our merger activities. We will not send any conversion communications by email during the merger," said Wachovia, which is currently integrating the operations of SouthTrust. The bank said all information about the online migration of SouthTrust customers will either be sent by U.S. mail or through internal messages to customers using the online banking system.
The wide adoption of online banking means that most industry mergers will include a consolidation of IT systems and customer accounts, offering phishing crews a steady supply of migration scenarios to target. There were about 1,500 bank mergers per year in the U.S. between 1996 and 2002, according to the Federal Reserve.
The hosting industry's sustained growth has grabbed the attention of Wall Street, which has steered clear of the sector in recent years. That interest is likely to spur a fresh round of financings and deals, according to investment bankers.
"Investment dollars are definitely looking to go to work in the hosting space," said Peter Hopper, president of DH Capital LLC, a New York-based investment firm specializing in the hosting sector. "This is very different from a couple of years ago. The capital is starting to flow back in. There's no question about that."
Hopper spoke Monday at HostingCon.2005, a two-day event which drew nearly 600 hosting professionals to the Hyatt Regency O'Hare in Chicago. Hopper noted that investor sentiment on hosting had been shaped by the bankruptcies of the dot-com boom years. "That view is beginning to change," said Hopper. "There are a lot of private companies that are getting huge and knocking the cover off the ball." That improved outlook is likely to mean more mergers and acquisitions, and an improved environment for hosting companies seeking to raise funding through private investment or even public stock offerings.
HostingCon features 28 sessions on industry issues, as well as keynote addresses by Robert Marsh (CEO, EV1Servers), Sandip Gupta (CEO, Ensim Corporation), Serguei Beloussov (CEO, SWsoft) and Pascal Martin (GM for Hosting Solutions, Microsoft).
May 1st - 31st 2005
Hostway and Energis share the top slot as the most reliable hosting company sites this month, followed by Go Daddy, Datapipe, INetU and France Telecom. Hostway, which is based in Chicago and has operations in six countries, was also the most reliable hoster in April 2005. Energis provides connectivity to Netcraft, but has no particular advantage over any other hosting company site in the performance analysis, as none of the performance data collection machines are on the Energis network.
Notably, half of this month's top 10 are running Windows. Recent months have seen a real mixture of operating systems in use on the most reliable sites, in contrast to the early months when FreeBSD dominated the upper end of the table.
In the June 2005 survey we received responses from 64,808,485 sites, an increase of 1.27 million from last month's survey. In the first six months of the year, the Internet has added 7.83 million sites, a pace which approaches the torrid growth rate of 2000, when the Web added 16.1 million sites. By comparison, the survey added 10.4 million sites in 2003 and 10.9 million in 2004.
The bulk of this year's growth has occurred in the United States, with a gain of 5.14 million hostnames. Other countries with strong growth in the survey thus far in 2005 include Germany (+575K), the United Kingdom (+436K), South Korea (+237.9K) and Sweden (+143K).
| Developer | May 2005 | Percent | June 2005 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 44072262 | 69.37 | 45172895 | 69.70 | 0.33 |
| Microsoft | 13049346 | 20.54 | 13131361 | 20.26 | -0.28 |
| Sun | 1856222 | 2.92 | 1849471 | 2.85 | -0.07 |
| Zeus | 562614 | 0.89 | 580844 | 0.90 | 0.01 |