Hunkered down in a data center on an upper floor of a New Orleans office building, a skeleton crew of staff at DirectNIC have kept the domain registrar operating throughout Hurricane Katrina and the catastrophic flooding that has engulfed the city. "We haven't lost service once during this entire disaster, and we have three weeks of backup power secured," CEO Sigmund Solares said on the DirectNIC website. "Our staff is safe and well - some have been working around the clock in New Orleans to keep clients running smoothly, and other employees have left to safer locations to keep an eye on the network from afar."

DirectNIC is housed on the 10th and 11th floors of a 27-floor office tower near Lafayette Square, a portion of the city that has escaped the worst of the flooding. Employees have live-blogged their efforts and posted photos of the storm's impact on the DirectNIC facility. An on-site webcam broadcast video of looting on surrounding streets. DirectNIC is the world's 11th-largest registrar, with more than 1.1 million domains registered. It is part of InterCosmos Media group, which also operates hosting/colocation provider Zipa.

The U.S. unit of 1&1 Internet has beefed up its domain registration packages in a bid to compete head-to-head with Go Daddy and Yahoo for U.S. business customers, the company said today. 1&1's new plan is stilll priced at $5.99 for a one-year .com registration, but will now include private domain registration, a feature that is a paid add-on at other providers. The enhanced plans also include a 1 gigabyte e-mail account and a web starter page at no additional cost.

The moves by 1&1 will intensify the pitched battle to attract U.S. small business customers launching web sites. 1&1, which is based in Germany and hosts more than 5 million hostnames, says the new bundle will become its standard domain package, and is not a limited-time promotion. The move further blurs any remaining distinctions between hosting providers and domain registrars, as providers in both sectors diversify and use discounts and freebies to acquire customers. Private registrations could be the next battleground in the discount war.

Major weather information sites remained widely available Sunday and Monday as Web users sought the latest information on the path of Hurricane Katrina, which left catastrophic damage in its wake along the U.S. Gulf Coast. The home pages for both the National Hurricane Center and Weather.com performed well throughout Sunday evening and Monday morning as Katrina approached landfall.

Media reports have suggested both sites were unavailable for extended periods. Netcraft's seven monitoring stations found that while response time was slower from some locations (especially for the NHC), there were no outages for either site. The National Hurricane Center said its site received 22 million page views Sunday, with traffic on all NOAA sites approaching 5,200 hits per second at peak demand.

Dynamically updating performance charts are available for Weather.com and the National Hurricane Center. Our monitors track the response time for the home page for each site.

Domain pay-per-click advertising services have come under siege from digital attackers, with distributed denial of service (DDoS) attacks disrupting advertising on hundreds of thousands of parked domains. The attacks in the past week have targeted Sedo and ParkingSite, two of the largest domain monetization services. Both services say they have issued credits to customers to compensate them for service interruptions.

The attacks open a new front in the battle between e-commerce sites and DDoS attackers, who have previously targeted online betting sites, payment gateways and even online games. Sites with large volumes of transactions are the primary targets for a cottage industry of digital extortionists using DDoS attacks, usually launched through large botnets of compromised computers. The sites targeted in the latest attacks have not said publicly whether they received any requests for payment.

After years of training customers to trust only SSL-enabled sites, banks are shifting their online banking logins to the unencrypted home pages of their websites. Although the data is encrypted once the user hits the "Sign In" button, the practice runs counter to years of customer conditioning, as well as the goals of the browser makers. Three of the five largest U.S. banks now display login forms on non-SSL home pages, including Bank of America, Wachovia and Chase, as well as financial services giant American Express.

Web sites are generally reluctant to use "https" on busy home pages, since SSL involves a tradeoff: improved security, but slower response time. Consumers, meanwhile, prefer easy to-remember URLs for their online banking. In placing login screens on non-SSL home pages, banks are trying to have it both ways: fast page loading without the SSL-related performance hit. The login form's "action" URL points to an SSL-enabled https URL.

A Cisco security flaw may allow attackers to hack into systems through the intrusion detection system (IDS), Cisco warned Monday in an advisory. An SSL certificate-checking flaw in two Cisco products - CiscoWorks Management Center for IDS Sensors (IDSMC) and Monitoring Center for Security (Secmon) - could allow an attacker to spoof an IDS system and gain access to sensitive data. SSL certificates are used to authenticate Cisco devices and services as they interact with one another.

A successful attacker "may be able to gather login credentials, submit false data to IDSMC and Secmon or filter legitimate data from IDSMC and Secmon, thus impacting the integrity of the device and the reporting capabilities of it," Cisco said. A free software update that corrects the flaw is available from Cisco.

The deployment of a global caching system brings faster and more consistent response times to people using the toolbar throughout the world. Additionally it helps the toolbar system scale smoothly, as the numbers of people using the toolbar have grown quickly since the release of the Firefox version of the toolbar in May.

Mirror Image’s system provides a substantial performance improvement as shown by the response time for the toolbar with Mirror Image (blue), compared to before (green):

Mirror Image's global content caching and distribution network has provided perceptible improvements in response times for the toolbar throughout the world. The toolbar's response time, as measured by our monitors in seven data centers, had been averaging 0.29 seconds. The shift to Mirror Image has accelerated performance, reducing the toolbar's average response time to 0.12 seconds, with reductions of between 47 and 74 percent from various points around the globe.

The toolbar community is effectively a giant neighborhood watch scheme, in which the most alert and expert members act to defend the larger community of users against phishing frauds. Once the first recipients of a phishing mail have reported the target URL, it is blocked for toolbar users who subsequently access the URL. Widely disseminated attacks (people constructing phishing attacks send literally millions of electronic mails in the expectation that some will reach customers of the bank) simply mean that the phishing attack will be reported and blocked sooner.

The Phishing Site Feed is also available to ISPs and Enterprises who wish to protect their customers or employees against phishing.

A computer worm disrupted the networks of U.S media organizations today, but has had no visible impact upon major web sites. The worm, which uses a vulnerability in Windows PnP to target Windows 2000 machines, knocked computers offline at CNN, ABC News and the New York Times. The damage appears to be limited to internal corporate networks, as the web sites of the U.S. Fortune 100 show no unusual outages, including the 18 companies in the index hosted on Windows 2000. Likewise, Britain's FTSE 100, which has 36 sites running on Win2K, shows no suspicious performance problems either.

Working exploits for new Windows vulnerabilities began appearing on the Internet last Thursday, just two days after the security holes were outlined in Microsoft's monthly security advisory. Over the weekend the Zotob worm appeared, compromising unpatched Windows 2000 machines.

Exploits are circulating for at least two new vulnerabilities in Microsoft software, barely two days after the critical security holes were disclosed in security advisories. The swift availability of working exploit code provides additional incentive for Windows users to update their systems promptly following the monthly release of security patches.

Microsoft acknowledged Thursday that "detailed exploit code " had been published for a vulnerability in Plug and Play technology that could allow a remote attacker to take control of a Windows machine via the Internet, with Windows 2000 systems being at particular risk. "Users running Windows 2000 are vulnerable to a potential worm attack that would take advantage of this flaw," noted security research firm eEye Security. The vulnerability, known as MS05-039, is addressed in the latest Windows Update patches issued Tuesday.

The market for resold domains continued to trend higher with a series of spectacular deals this month. Meanwhile, prices for first-time domain registrations can't get much lower, with pricing unchanged at all major providers this month.

The sales of website.com and property.com for $750,000 apiece set the pace in the resale market. The mid-July sale of website.com was the highest sale price this year, according to auctioneer Sedo.com, topping the $700,000 sale of Local.com in March. The buyer, Hub Services Ltd., operates DotEasy, a free hosting service in British Columbia. That price was matched early this month when New Jersey commercial real estate professional Ted Kraus sold property.com for $750,000 in a private sale, with industry veteran Rick Schwartz reported to be the buyer.

As in July, pricing for first-time domain sales remained stable, with no significant price changes by major providers.

Jumpline, France Telecom and Pair Networks share the top slot as as the most reliable hosting company sites this month.

Pair, a Pittsburgh, Pa. shared hosting company, is a regular in our survey, with numerous top 10 appearances in addition to being the most reliable provider in February 2005, July 2004 and February 2004. Jumpline was previously the most reliable provider in April 2004. The Columbus, Ohio provider specializes in virtual private servers. France Telecom made its first appearance in our reliability survey in May.

This month Linux, Windows and FreeBSD all have 3 sites each in the top 10, with one running Solaris.

The Web Server Survey marks its 10th anniversary this month with a milestone, as we now find more than 70 million web sites on the Internet. The August 2005 survey received responses from 70,392,567 sites, an increase of 2.8 million hostnames. This gain, together with the last month's increase of 2.7 million sites, marks the biggest two-month increase in the history of our survey. It comes just five months after the survey crossed the 60 million mark in March of this year, another sign that Internet growth is eclipsing even the torrid pace of the dot-com boom.

The first Netcraft survey in August 1995 found 18,957 hosts, with the NCSA web server dominating with 57 percent market share, leading CERN (19%) and a newcomer named Apache (3.5%). Microsoft's Internet Information Server launched in February 1996, and by the survey's fifth birthday the server market was largely divided up between Apache (62%) and IIS (19%).

That trend has continued, with Apache extending its share to nearly 70 percent this month as the survey has returned to its trend of incremental changes in share for Apache and Microsoft. Both are seeing steady growth, as Apache has added 11.9 million sites since last August, while Microsoft servers have added 10.7 million.