An ongoing phishing attack against UK taxpayers is being given additional credibility by using a gov.uk domain. Sefton Council is hosting the phishing content on its Novell GroupWise 7.0 site at web11.sefton.gov.uk.
The phish follows one of the typical ploys commonly seen in HMRC and IRS phishing attacks: The victim is led to believe that they can receive a tax refund by submitting their full credit card details, but these details are instead sent directly to the fraudster behind the attack.
The fraudulent form submits the victim's details to a PHP script hosted at www.zamoh.biz.
The UK's Central Office of Information is responsible for deciding who can register gov.uk domains. Eligibility is strictly limited, which helps to preserve the integrity of the gov.uk namespace; however, this obviously has an undesirable effect when this integrity is leveraged by fraudulent content on compromised servers. Netcraft has informed Sefton Council about this phishing attack.
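A form served from a trusted host that posts to an unrelated one, as described above, can be detected mechanically. The following is an added example, not Netcraft's code: it parses a page's forms and reports any whose action resolves to a different host. Only the two hostnames come from the article; the paths, field names, HTML and hint list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Substrings of field names that suggest payment or credential data (assumed list).
SENSITIVE_HINTS = ("card", "cvv", "cvc", "expiry", "password", "pin")

# Constructed sample: hostnames are from the article, paths and fields are invented.
PAGE_URL = "http://web11.sefton.gov.uk/example/refund.html"
SAMPLE_HTML = """
<form action="/example/search"><input name="q"></form>
<form method="post" action="http://www.zamoh.biz/example.php">
  <input name="full_name"><input name="card_number">
  <input name="expiry_date"><input name="cvv" type="password" />
</form>
"""

class FormCollector(HTMLParser):
    """Record each form's action attribute and the names of its fields."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append((attrs.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def off_site_forms(page_url, html):
    """Return forms whose action resolves to a host other than the page's own."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        # Relative and empty actions resolve against the page URL, as in a browser.
        target_host = (urlsplit(urljoin(page_url, form["action"])).hostname or "").lower()
        if target_host != page_host:
            hits = sorted(f for f in form["fields"] if any(h in f for h in SENSITIVE_HINTS))
            findings.append({"target_host": target_host, "sensitive_fields": hits})
    return findings

if __name__ == "__main__":
    for finding in off_site_forms(PAGE_URL, SAMPLE_HTML):
        print(finding)
```

An exact hostname comparison also flags legitimate posts to sibling subdomains, so a site owner running this over their own pages would pair it with an allowlist of expected form targets.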
Apache.org has been offline for 3 hours this morning, after one of their servers was compromised. Their sites were displaying the message:
The message goes on to say that the compromise is "not due to any software exploits in Apache itself", but was instead due to a compromised SSH key.
Update: Most of apache.org's sites have been back online this afternoon after they switched over to servers not compromised in the attack. Apache have released more information about the incident: an account used for backups was compromised on a back-end server. This server distributes content to Apache's public web servers, so the attackers used it to distribute scripts to the web servers; once the scripts were public, the attackers could execute them remotely, gaining access to the web servers as well. But these rogue processes were detected, so the servers were taken offline for investigation and clean-up.
The most recent Netcraft Web Server Survey found more than 62 million websites running Microsoft IIS 6.0, but many of these are unlikely to be affected by the latest WebDAV remote authentication bypass vulnerability.
A new WebDAV vulnerability was published by Nikolaos Rangos on Friday, and details how attackers can bypass access restrictions using a flaw in the WebDAV functionality on IIS 6.0. By failing to handle Unicode tokens properly, the bug gives attackers access to password protected folders and, in some cases, the ability to upload files to the affected web servers.
Although IIS 6.0 accounts for more than 90% of the Microsoft sites on the Internet, the total number of vulnerable sites is likely to be substantially less than 62 million because WebDAV is not a default component of IIS 6.0 when a Windows Server 2003 machine is given the role of Application Server. Nonetheless, some people may install and enable WebDAV to provide a convenient means of publishing and managing web server content through firewalls – because WebDAV is an extension to the HTTP protocol, it can operate over the same port number as HTTP.
Microsoft issued a security advisory on Monday, which also lists IIS 5.0 as vulnerable. This issue may affect a much larger proportion of the 2.8 million IIS 5.0 websites as, unlike its successor, Windows 2000 Server automatically installs WebDAV alongside IIS 5.0.
Two years after their first appearance in the Netcraft SSL Survey, there are now more than 11 thousand Extended Validation (EV) SSL certificates in use on the Web. Despite enjoying two years of continued growth, EV SSL certificates still only make up around 1% of all SSL certificates in use on the Internet.
Nearly all modern browsers now support EV SSL certificates by colouring all or part of the address bar in green.
The proportion of EV SSL certificates rises considerably amongst the world's busiest websites, as shown by Netcraft's top 1 million sites dataset. In general, it seems, the more traffic an SSL site has, the more likely it is to use an EV certificate, and in particular, more than a quarter of the SSL certificates within the top 1,000 sites have extended validation.
| Population | SSL Certificates | EV SSL Certificates | EV SSL Share |
|---|---|---|---|
| All Sites | 1,028,868 | 11,300 | 1.1% |
| Top 1,000,000 | 45,851 | 2,662 | 5.8% |
| Top 100,000 | 7,012 | 710 | 10.1% |
| Top 10,000 | 712 | 115 | 16.2% |
| Top 1,000 | 60 | 17 | 28.3% |
Netcraft's SSL Survey shows that 14% of valid third party SSL certificates are using MD5 signatures — an algorithm that is demonstrably vulnerable to attack.