In the January 2009 survey we received responses from
185,497,213 sites, reflecting an uncharacteristic monthly loss of 1.23 million sites.
Apache's market share grew by more than 1 percentage point this month, extending its lead over Microsoft IIS, which has fallen to less than a third of the market. In total, Apache gained 1.27 million sites this month.
Microsoft showed the largest loss this month, after more than 2 million blogging sites running on Microsoft-IIS websites expired from the survey.
GFE, which is primarily used by Google's Blogger service to publish blogs under the blogspot.com domain, lost nearly 600 thousand sites, while nginx continues to grow and increases its market share to 1.87%.
Further down the field, the number of sites hosted on httpd and WebserverX both increased by more than 20%. Both web servers take a relatively small share of the market, however, with httpd growing to 236 thousand sites and WebserverX growing to 154 thousand.
Total Sites Across All Domains August 1995 - January 2009
New vulnerabilities were discovered yesterday in multiple programs using OpenSSL, one of the standard cryptography libraries on Linux and Unix systems. Due to a common mistake in checking return values from functions checking digital signatures, several programs may be vulnerable to spoofing of digital signatures.
The most important affected program is ISC Bind, which is the most widely used DNS server on the internet. A flaw in its validation of signatures on DNSSEC replies means that the server may be vulnerable to DNS spoofing attacks even where DNSSEC is in use. Bind have released BIND 9.6.0-P1 this morning to fix this bug.
As of 1st January 2009, the Netcraft Toolbar community has blocked 1.9 million phishing attacks. To provide an incentive for the community to send us reports of phishing sites, reporters now receive the following goodies from Netcraft:
|Netcraft Mug||(after 100 validated phishing reports)
|Netcraft Polo Shirt||(after 400)
|Targus Laptop Backpack||(after 1,000)
|Top of the range iPod||(after 4,000)
To report phishing sites to us, use the form at http://toolbar.netcraft.com/report_url
Upon reaching 4,000 you become eligible for a monthly competition to incentivise large reporters.
To track the progress, we have a leaderboard displaying the people with the largest number of accepted reports so far this month, identified by their first names to preserve their anonymity.
The Netcraft Toolbar, which is available for both Internet Explorer and Firefox, serves as a giant neighborhood watch scheme for the Internet: members who encounter a phishing fraud can act to defend the larger community of users against the attack. Once the first recipients of a phishing mail have reported the target URL, it is blocked for toolbar users who subsequently access the URL and widely disseminated attacks simply mean that the phishing attack will be reported and blocked sooner.
Looking back at 2008, Netcraft has seen phishing attacks evolve, with fraudsters using progressively sneakier tactics:
October 2008 saw an attack against Yahoo! which was used to steal authentication cookies from its users. The cross-site scripting vulnerability on Yahoo!'s own website allowed the fraudster to steal the details simply as a result of a victim visiting the page.
The two-edged nature of how browsers present Extended Validation (EV) SSL certificates was highlighted after a cross-site scripting vulnerability was demonstrated on paypal.com. This flaw would have allowed hackers to carry out highly plausible attacks, adding their own content to the site and stealing credentials from users.
Phishers branched out into telephone phishing. Victims were asked to phone a toll free number to reactivate their card.
Fraudsters found a cross-site scripting vulnerability on an Italian bank's website. This was used to orchestrate an attack against the bank, using its own HTTPS website URL.
Backdoored phishing kits have been deployed by criminal programmers wishing to reduce their workload by getting novice fraudsters to deploy the kits onto websites and send the phishing emails. Netcraft later reported a large range of different phishing kits being offered by the same group.
New York Internet and
are the most reliable hosting company sites for December 2008.
New York Internet sees its third consecutive appearance in the top ten, while WestHost becomes the most reliable hosting company for the second month in a row.
Established in 1996, New York Internet is located in the heart of the Wall Street area and owns and maintains its own data centers. The company's core services include dedicated servers, colocation and virtual web hosting. New York Internet uses Apache on FreeBSD to host its own site.
WestHost uses Linux for its main site and hosts more than 70,000 other websites. Their services include shared web hosting, dedicated servers, reseller hosting and domain name registration. WestHost's data center is SAS 70 Type II certified and constructed from nine base isolation units bolted on top of a 3.5ft reinforced matte footing, which helps to absorb shock during earthquakes.
In total, half of December's top ten hosting companies use Linux for their main company site, while three use FreeBSD. green.ch uses the F5 BIG-IP device and Easynet uses Windows Server 2003.
Netcraft's SSL Survey shows that 14% of valid third party SSL certificates have been issued using MD5 signatures — an algorithm that has recently been demonstrated to be vulnerable to attack by producing a fake certificate authority certificate signed by a widely-trusted third party certificate authority.
The researchers achieved this by producing a hash collision — they submitted valid certificate requests to a certificate authority (CA), while producing a second certificate that had the same signature but entirely different details. When the CA signed the valid certificate, the signature applied also to the invalid certificate, allowing the researchers to spoof any secure website that they liked. This attack is the first practical use against SSL of already-known attacks against the MD5 checksum algorithm.
Netcraft's December 2008 SSL Survey found 135,000 valid third party certificates using MD5 signatures on public web sites, which is around 14% of the total number of valid SSL certificates in use.The great majority consist of certificates from RapidSSL (shown as Equifax on the certiifcate). As of Netcraft's December survey, all of the 128,000 RapidSSL certificates in use on public sites were signed with MD5; there are some much smaller CAs that use MD5 still, and there are a small number of certificates from Thawte and VeriSign, although most of their certificates are signed with the more secure SHA1. Other CAs use only SHA1.
Verisign (owners of RapidSSL since 2006) have stated that they have stopped using MD5-signing for RapidSSL certificates, and will have phased out MD5-signing across all their certificate products by the end of January 2009. Other affected CAs are likely to follow suit, as SHA1 is well established and is already in use for the majority of SSL certificate signing, so it should be simple to switch to using this more secure alternative. Once it is impossible to obtain new certificates signed with MD5, this attack will be neutralised.