1. Clinton and Obama XSS Battle Develops

    While Clinton and Obama are battling it out in the political arena, security researchers are continuing to find vulnerabilities in the candidates' and supporters' websites. Interestingly, while a typical exploit is to redirect one party's site to their opponent's, the reasons for seeking to discover such vulnerabilities are not always politically motivated.

    votehillary-resized.png

    Following the recent cross-site scripting attacks against Barack Obama's website, Finnish security researcher Harry Sintonen has published an example of a cross-site scripting vulnerability on votehillary.org.

    Sintonen's example submits a POST request to the Vote Hillary website and injects an iframe, causing the site to display the contents of Barack Obama's website. Unlike the Obama incident, which redirected the user's web browser, Sintonen's method retains the votehillary.org URL in the address bar while displaying the opposing website.

    Sintonen told Netcraft that he was inspired by the recent Obama attacks and first examined Hillary Clinton's official website at www.hillaryclinton.com. Sintonen did not find any cross-site scripting vulnerabilities on this site, adding that it looked quite secure, but subsequently found XSS opportunities available on the Vote Hillary website. Sintonen lives in Finland and has no strong interest in US politics.

    While the example exploits have so far been relatively benign (limited to redirecting a user to the opponent's website, for example), future cross-site scripting vulnerabilities found on political candidate sites have plenty of scope to be much more serious. Obama's and Clinton's websites both accept monetary contributions towards their campaigns, so cross-site scripting vulnerabilities could be leveraged to steal money and identities from supporters.

    Sintonen told Netcraft he informed the webmasters of votehillary.org about this cross-site scripting vulnerability two days ago, but has not yet received a response.

    Posted by Paul Mutton on 24th April, 2008 in Security

  2. CNN Site Bears the Brunt of Chinese Attackers

    The CNN News website has twice been affected since an earlier distributed denial of service attack last Thursday. CNN fixed Thursday's attack by limiting the number of users who could access the site from specific geographical areas.

    p-84553.26.png

    Subsequently, an attack was purportedly organised to start on Saturday 19th April, but cancelled. However, our performance monitoring graph shows CNN's website suffered downtime within a 3 hour period on Sunday morning, followed by other anomalous activity on Monday morning, where response times were greatly inflated.

    Netcraft is continuing to monitor the CNN News website. Live uptime graphs can be viewed here.

    Posted by Paul Mutton on 22nd April, 2008 in Performance

  3. Hacker Redirects Barack Obama’s site to hillaryclinton.com

    A security weakness in Barack Obama's website has been exploited to redirect visitors to Hillary Clinton's website. Visitors who viewed the Community Blogs section of the site were instead presented with Clinton's website as a result of a cross-site scripting vulnerability.

    hillary.png
    Barack Obama's visitors were redirected to this site.

    A user named Mox, from Liverpool, IL, posted an apparent confession in the Community Blogs section on the Barack Obama website yesterday. The subject of the post was, "I am the one who "hacked" Obamas site."

    Mox plays down the matter by saying that all he did was exploit some poorly written HTML code before suggesting that it was a cross-site scripting vulnerability that had been exploited. By allowing users to enter characters such as > and " into their blog URLs, JavaScript could be injected into pages in the Community Blogs section and would be executed by subsequent visitors.

    A YouTube clip from zennie62 demonstrates the attack. The clip shows a user clicking on the Community Blogs section of the Barack Obama site, which subsequently causes the browser to redirect to hillaryclinton.com. The author speculates that "Senator Clinton's staffers possibly hired someone to hack into the Barack Obama website system." No evidence is offered to back up this statement.

    obama-xss.png
    Another vulnerability found on the Barack Obama site.

    While Mox states that the original issue has now been fixed, a number of similar vulnerabilities have since been identified and remain unfixed, and are documented on xssed.com, which notes that such vulnerabilities open up opportunities to infect Obama's supporters and site visitors with malware, adware and spyware.

    Posted by Paul Mutton on 21st April, 2008 in Security

  4. April 2008 Web Server Survey

    In the April 2008 survey we received responses from 165,719,150 sites. Most of this month's growth of 3.1 million sites is seen in the US, with Google's Blogger service alone adding 1.1 million extra sites.

    lighttpd loses a small number of sites this month, but still maintains a significant foothold in our survey with 1.5 million sites. lighttpd is used to serve some of the content for YouTube, Wikipedia and meebo, and is open sourced under the revised BSD license.

    Largely due to the growth at Blogger, Google's developer share increases by 0.54% to 6.08% this month, while Apache falls by 0.27% and Microsoft by 0.14%. In absolute terms, this still means that Apache has gained slightly more sites than Google's 1.07 million, while Microsoft gains 847 thousand sites.

    While Blogger continues to run a very large number of sites, Google's new App Engine service is unlikely to make much of an impact on our survey in the immediate future. A limit of 10,000 accounts has been put in place during the preview release stage, and each developer can only create a maximum of three applications.

    Total Sites Across All Domains August 1995 - April 2008

    Total Sites Across All Domains, August 1995 - April 2008

    Graph of market share for top servers across all domains, August 1995 - April 2008

    Top Developers
    DeveloperMarch 2008PercentApril 2008PercentChange
    Apache82,454,41550.69%83,554,63850.42%-0.27
    Microsoft57,698,50335.47%58,547,35535.33%-0.14
    Google9,012,0045.54%10,079,3336.08%0.54
    lighttpd1,552,6500.95%1,495,3080.90%-0.05
    Sun546,5810.34%547,8730.33%-0.01

    (more...)

    Posted by Netcraft on 14th April, 2008 in Web Server Survey

  5. INetU is the Most Reliable Hosting Company Site in March 2008

    Ranking by Failed Requests and Connection time,
    March 1st – 31st 2008

    performance_march2008.png

    INetU is the most reliable hosting company site for March 2008, closely followed by Express Technologies.

    INetU is an enterprise managed hosting company located in Allentown, PA. They have been in business since 1996 and notably offer a 100% uptime service level guarantee. INetU's clients include Fortune 500 companies such as Microsoft, Intel, Northrop Grumman and Canon.

    Express Technologies acquired Hosting.com in June 2004 and the Express Technologies website now points to their new home at Hosting.com. The company also partners with DreamHost to provide managed hosting, server colocation and virtual servers running on VMware ESX.

    Three of March's top ten hosting companies run Windows Server 2003 on their main sites, while two use Linux and two use FreeBSD.

    (more...)

    Posted by Paul Mutton on 14th April, 2008 in Hosting, Performance

  6. Google Spreadsheets vulnerability exposes IE users’ Gmail, Documents and more

    An interesting cross-site scripting (XSS) vulnerability found in the Google Spreadsheets service would have allowed attackers to gain unauthorised access to other Google services, including Gmail and Google Docs.

    The vulnerability was discovered by security engineer Billy Rios, and takes advantage of nuances in the way Internet Explorer handles Content-Types for webpages.

    Google Spreadsheets XSS

    When a spreadsheet is saved and downloaded in CSV format, the Content-Type is set to "text/plain", thereby instructing the client's browser that the document should be treated as plain text. However, if HTML tags are entered into the first cell of the spreadsheet, Internet Explorer detects these tags near the start of the CSV document and instead deduces that it should be treated as HTML. This essentially allowed arbitrary HTML webpages to be served from spreadsheets.google.com, which in turn allowed JavaScript to be executed in the context of the spreadsheets.google.com site. A remote attacker could exploit this weakness by stealing the user's session cookies and hijacking their session.

    Rios points out that Google cookies are valid for all google.com sub domains. This means that when a user logs in to Gmail, the Gmail cookie is also valid for other Google services, such as Google Code, Google Docs, Google Spreadsheets, and more. Cross-site scripting vulnerabilities in any of these sub domains can allow an attacker to hijack a user's session and access other Google services as if they were that user.

    Google has fixed the vulnerability discovered by Rios and there have been no reports of the vulnerability being exploited by attackers.

    Posted by Paul Mutton on 14th April, 2008 in Security

Page 5 of 8« First...34567...Last »