The White House launched a new version of its website on Saturday. While little has changed on the surface, the underlying technology is now powered by the open source Drupal content management system.
The www.whitehouse.gov site was previously served by Microsoft IIS 6.0, but the new server software identifies itself as "White House". The new site continues to use Akamai's content delivery network for caching.
Drupal is the 6th largest PHP-based content management system in Netcraft's Web Server Survey, being found on more than 400,000 websites. Drupal's security will no doubt be put to the test in the coming weeks, as the White House website has always stood as an obvious target for hackers. Drupal's security team has a full disclosure policy of announcing security problems after they have been fixed, rather than withholding the information from its users.
Drupal's core security advisories are made public at http://drupal.org/security. Eight advisories have been published so far this year, which have included two highly critical file inclusion flaws which could have allowed remote attackers to execute code on Windows servers.
American financial services company Citigroup suffered a deluge of phishing attacks after Monday's news that it intended to acquire the banking operations of Wachovia Corporation.
The credit crisis has triggered a number of acquisitions in recent months, and fraudsters have previously tried to exploit such events by orchestrating phishing attacks against the acquiring companies. One motivation for these types of attack is the increased chance of success when potential victims have less familiarity with the genuine website that is being fraudulently mimicked.
However, the timing of this week's attacks may be coincidental — and subsequently Wachovia has announced that it will instead merge with Wells Fargo.
Netcraft offers a countermeasures service to help banks and other financial organizations take down phishing sites. This service complements Netcraft's Phishing, Identity Theft and Bank Fraud Detection service and its free Anti-Phishing Toolbar.
MySpace has become one of the first very busy sites to adopt the use of Windows Server 2008, using the new Microsoft operating system on its redirection site at msplinks.com.
MySpace started using the msplinks.com site last year, in a bid to protect its users against spamming and phishing attacks. When users added a link into MySpace, the URL would be replaced with a link to msplinks.com, which would then redirect to the intended URL. This gave MySpace greater control over the links that originated from its site, allowing it to disable links that were found to point to spam, viruses or phishing sites.
MySpace initially received criticism for implementing their redirection system, as it resulted in all destination URLs being converted to lowercase. For some users, this broke links to popular sites such as YouTube, which uses case-sensitive URLs for its videos (e.g. http://www.youtube.com/watch?v=eBGIQ7ZuuiU).
While the msplinks.com server exhibits the TCP/IP characteristics of Windows Server 2008, and runs Microsoft's IIS 7.0 web server software, the main MySpace site at myspace.com continues to use IIS 6.0 and Windows Server 2003. Netcraft's Web Server Survey contains more than 8 million sites hosted by myspace.com.
'Msplinks' that are no longer in service cause the user to be redirected to a MySpace error page, which states that, "...the link was very naughty, and, much like head lice, had to be eliminated before it spread." The page then goes on to describe the possible reasons for the link being disabled.
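The link-wrapping scheme and its lowercase bug can be reproduced in a few lines. The sketch below is an added example, not MySpace's code: the LinkRedirector class, its token format and the redirector.example error page are all hypothetical. It lowercases only the scheme and host, which are case-insensitive, and leaves the path and query untouched, while the lowercase_whole_url switch reproduces the reported behaviour.

```python
import hashlib
from urllib.parse import urlsplit, urlunsplit

# Hypothetical error page for disabled or unknown links (not a real MySpace URL).
ERROR_PAGE = "https://redirector.example/link-disabled"


class LinkRedirector:
    """Toy link-wrapping service: wrap() stores a destination, resolve() redirects."""

    def __init__(self, lowercase_whole_url=False):
        # lowercase_whole_url=True reproduces the reported case-folding behaviour.
        self.lowercase_whole_url = lowercase_whole_url
        self._targets = {}      # token -> destination URL
        self._disabled = set()  # tokens switched off after an abuse report

    def _normalize(self, url):
        url = url.strip()
        parts = urlsplit(url)  # urlsplit already lowercases the scheme
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise ValueError("only absolute http(s) URLs can be wrapped")
        if "@" in parts.netloc:
            raise ValueError("userinfo in URLs is not accepted")
        if self.lowercase_whole_url:
            return url.lower()
        # Scheme and host are case-insensitive; path, query and fragment are not.
        return urlunsplit((parts.scheme, parts.netloc.lower(),
                           parts.path, parts.query, parts.fragment))

    def wrap(self, url):
        dest = self._normalize(url)
        token = hashlib.sha256(dest.encode("utf-8")).hexdigest()[:16]
        self._targets[token] = dest
        return token

    def disable(self, token):
        self._disabled.add(token)

    def resolve(self, token):
        # Disabled and unknown tokens both land on the error page.
        if token in self._disabled or token not in self._targets:
            return ERROR_PAGE
        return self._targets[token]
```
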
A casual glance at the msplinks.com homepage reveals a distinct lack of content; however, the purpose of the site is contained in a hidden message written in white text, which can be viewed by highlighting the contents of the page, or viewing the HTML source:
Microsoft has recently switched its main website, www.microsoft.com, to Windows Server 2008 and Microsoft-IIS/7.0.
Although Windows Server 2008 is not yet released, Beta 3 is publicly available for early adopters to use. Internet Information Server 7 is already released, but will probably not see widespread use until Windows Server 2008 (formerly "Longhorn") is released, since it only runs on Windows Server 2008 or Windows Vista.
There are already around 2,600 sites running Windows Server 2008 on the Internet. Whilst some of the servers running Windows Server 2008 are at Microsoft itself, the majority are not, with developers and hosting companies taking advantage of Windows Server 2008's availability under a Go Live license which allows the beta to be used for testing or in a live environment without cost.
Windows Server 2008 is due to be released in the second half of 2007, although there has been media speculation - fueled by the 2008 name - that a release may be at the end of that period. Once it is released, it could be expected to take a long time for large numbers of sites to move over to the latest version; it took several years for the installed base of Windows Server 2003 to overtake Windows 2000, and there are still some 5 million sites running on Windows 2000 even today.
Netcraft's SSL Survey has found more than 600,000 SSL sites on the Internet for the first time this month. SSL sites are used by ecommerce sites, online banking and financial services, and other secure online service providers.
Netcraft's survey of SSL sites has now been running for over ten years. The first survey, in November 1996, found just 3,283 sites; since then, the number of SSL sites has had an average compound growth of 65% per annum.
Figure: Number of secure sites, 1997-2007
The survey is a good guide to the growth of online trading and services. The survey counts sites by collecting SSL certificates; each distinct, valid SSL certificate is counted in the results. Each SSL certificate typically represents one company's details, and each certificate must be approved by a certificate authority, so the data is typically more consistent and less volatile than other attributes of the Internet's infrastructure.
The U.S. crackdown on online gambling company BetOnSports appears unlikely to spark dramatic shifts in the geography of the online gambling industry in the short term. American DNS service providers and DDoS mitigation companies are continuing to provide services to UK betting sites, while initial fears about the British government's extradition policy have eased somewhat. But some international betting services are barring U.S. residents, and up-and-coming offshore "data havens" are likely to be of growing interest to UK-based gambling operations.
It will take time for the broader implications of the U.S. charges against BetOnSports.com to become clear. BetOnSports.com CEO David Carruthers was arrested Sunday in Dallas/Fort Worth airport as he changed flights on his way from London to Costa Rica (where BetOnSports is based) and charged with conspiracy, fraud and racketeering. Also named in the indictment were Florida companies that provided marketing services to BetOnSports. While those charges dealt specifically with the transport of gambling equipment to offshore sites, the inclusion of the companies has raised concern among U.S. companies providing services to international gambling sites.
Neustar Ultra Services (formerly UltraDNS) is continuing to provide DNS management services to BetOnSports.com and several other UK gambling sites. Prolexic, a Florida provider specializing in mitigation of DDoS attacks, also counts offshore gambling web sites as customers. Gambling sites are frequent targets of attacks from DDoS blackmail schemes.