The U.S. unit of 1&1 Internet has beefed up its domain registration packages in a bid to compete head-to-head with Go Daddy and Yahoo for U.S. business customers, the company said today. 1&1's new plan is stilll priced at $5.99 for a one-year .com registration, but will now include private domain registration, a feature that is a paid add-on at other providers. The enhanced plans also include a 1 gigabyte e-mail account and a web starter page at no additional cost.

The moves by 1&1 will intensify the pitched battle to attract U.S. small business customers launching web sites. 1&1, which is based in Germany and hosts more than 5 million hostnames, says the new bundle will become its standard domain package, and is not a limited-time promotion. The move further blurs any remaining distinctions between hosting providers and domain registrars, as providers in both sectors diversify and use discounts and freebies to acquire customers. Private registrations could be the next battleground in the discount war.

Major weather information sites remained widely available Sunday and Monday as Web users sought the latest information on the path of Hurricane Katrina, which left catastrophic damage in its wake along the U.S. Gulf Coast. The home pages for both the National Hurricane Center and Weather.com performed well throughout Sunday evening and Monday morning as Katrina approached landfall.

Media reports have suggested both sites were unavailable for extended periods. Netcraft's seven monitoring stations found that while response time was slower from some locations (especially for the NHC), there were no outages for either site. The National Hurricane Center said its site received 22 million page views Sunday, with traffic on all NOAA sites approaching 5,200 hits per second at peak demand.

Dynamically updating performance charts are available for Weather.com and the National Hurricane Center. Our monitors track the response time for the home page for each site.

Domain pay-per-click advertising services have come under siege from digital attackers, with distributed denial of service (DDoS) attacks disrupting advertising on hundreds of thousands of parked domains. The attacks in the past week have targeted Sedo and ParkingSite, two of the largest domain monetization services. Both services say they have issued credits to customers to compensate them for service interruptions.

The attacks open a new front in the battle between e-commerce sites and DDoS attackers, who have previously targeted online betting sites, payment gateways and even online games. Sites with large volumes of transactions are the primary targets for a cottage industry of digital extortionists using DDoS attacks, usually launched through large botnets of compromised computers. The sites targeted in the latest attacks have not said publicly whether they received any requests for payment.

(more...)

After years of training customers to trust only SSL-enabled sites, banks are shifting their online banking logins to the unencrypted home pages of their websites. Although the data is encrypted once the user hits the "Sign In" button, the practice runs counter to years of customer conditioning, as well as the goals of the browser makers. Three of the five largest U.S. banks now display login forms on non-SSL home pages, including Bank of America, Wachovia and Chase, as well as financial services giant American Express.

Web sites are generally reluctant to use "https" on busy home pages, since SSL involves a tradeoff: improved security, but slower response time. Consumers, meanwhile, prefer easy to-remember URLs for their online banking. In placing login screens on non-SSL home pages, banks are trying to have it both ways: fast page loading without the SSL-related performance hit. The login form's "action" URL points to an SSL-enabled https URL.

A Cisco security flaw may allow attackers to hack into systems through the intrusion detection system (IDS), Cisco warned Monday in an advisory. An SSL certificate-checking flaw in two Cisco products - CiscoWorks Management Center for IDS Sensors (IDSMC) and Monitoring Center for Security (Secmon) - could allow an attacker to spoof an IDS system and gain access to sensitive data. SSL certificates are used to authenticate Cisco devices and services as they interact with one another.

A successful attacker "may be able to gather login credentials, submit false data to IDSMC and Secmon or filter legitimate data from IDSMC and Secmon, thus impacting the integrity of the device and the reporting capabilities of it," Cisco said. A free software update that corrects the flaw is available from Cisco.