Faulty Site Redesign Leads Tower to Settle With Regulators

As Internet security threats multiply, redesigns of e-commerce sites can introduce a lot more than a sleek new user interface. Tower Records recently settled charges with the U.S. Federal Trade Commission, which sued the company last year after a redesign of its online music store introduced security holes that exposed customers' personal information.

The lapse violated federal law as well as Tower's privacy policy, according to the FTC, which warned that online merchants and banks will be held accountable for lax security auditing of redesigns. "In a fast moving world of electronic commerce, change is inevitable," said Howard Beales, Director of the FTC’s Bureau of Consumer Protection. "Companies must have reasonable procedures in place to make sure that changes do not create new vulnerabilities." The consent agreement requires Tower to have its web site audited by third-party security professionals every two years for the next 10 years. Continue reading

Cisco Uses Linux in Enterprise Content Caching System

While the open source community works on developing affordable substitutes for Cisco routers, Cisco itself is using Linux to power its Application and Content Networking System (ACNS), a caching and content delivery product for enterprise companies.

ACNS allows an IT staff to manage the flow of complex applications, audio and video over Cisco devices on a large network, with customers including Reuters, Siemens Medical Solutions and the U.S. Department of Veterans Affairs.

"ACNS has been based on a Cisco-modified version of Linux since its initial release," said Cisco spokesman Charles Sommerhauser. "There were earlier generations of related products that also ran on this OS. We use Linux on some of our products in order to integrate Linux-based applications."

Continue reading

Microsoft SSL Patch Crashes Some Win2K Systems

The Windows MS04-011 security patch includes a bug that crashes some Windows 2000 machines, according to Microsoft. Nearly 39 percent of web-facing SSL servers are running Windows 2000, according to our March SSL Survey, making it the most widely deployed operating system for SSL systems by a margin.

The security update, arguably one of the most critical Windows security fixes ever, addresses 14 separate security holes. Among them is a Windows SSL vulnerability targeted by several published exploits, which has raised concerns of a major Internet security event. The PCT and SSL 2.0 protocols targeted by the exploit are enabled by default in Win2K.

Continue reading

Protracted Availability problems for Above.net

The Above.net web site is experiencing the latest in a series of outages, which began April 24 and have intensified since Tuesday, with the www.above.net site either exhibiting very slow response times or being unreachable. The duration of the performance problems is unusual for a network provider the size of Above.net (previously Metromedia Fiber Network). The company has not yet responded to an inquiry about its site performance.

AboveNet site performance

Our Hosting Provider Network Performance summary provides current information on the uptime for web sites of major hosting companies.

Interview with Miguel de Icaza, co-founder of Gnome, Ximian and Mono

Born in Mexico City, Miguel de Icaza was the driving force behind the creation of the Gnome free software desktop, and co-founded the open source company Ximian, bought last August by Novell. In July 2001, he helped start another ambitious project, Mono: a free implementation for GNU/Linux of Microsoft's .Net framework. He talks to Glyn Moody about Mono's progress, how Ximian was bought by Novell, and why he is so scared of Microsoft's Longhorn.

Q. How has your vision of Mono changed since you began the project, and what are the main aims of Mono today?

A. A lot of the things that Microsoft was addressing with .Net were touching on existing pain points for us. We've been using C and C++ way too much - they're nice, but they're very close to the machine and what we wanted was to empower regular users to build applications for Linux. Windows has a lot of tools that address a particular problem but on Linux we're kind of on our own in terms of development So when Microsoft came out with this [.Net] thing, initially what we saw was very interesting, and that's how the project got started. But as people got together and started to work and collaborate on this effort, a couple of things happened.

The first one is that there was more and more momentum behind building APIs that were compatible with the Microsoft ones. Novell and Ximian were focused just on the core and C#; a lot of the people who came and contributed software to the project were interested in Windows Forms, or ASP.Net or Web services or databases, which were part of the Microsoft stack.

And at the same time we have grown organically a stack completely independent of the Microsoft stack, which we call the Mono stack but it includes things like tools for doing GUI development for Linux - that was one thing that we were very interested in and we actually invested a lot of effort into that.

So today at the core we still have Mono, which is what we wanted to do, and now we've got two very healthy independent stacks: the Microsoft-compatible stack for people who want to bring their applications from Windows to Linux, and also this completely new and fresh stack of things that in some cases are portable from Linux to Windows, and in some cases are very, very Linux specific.

Q. Microsoft doesn't seem to be making so much noise about .Net these days: what's your view of .Net's progress at the moment: how is it shaping up as a platform for writing software?

Continue reading

CrystalTech Hosting Bought by Financial Services Firm

Windows hosting specialist CrystalTech Web Hosting has been acquired by financial services firm Newtek Business Services. Both companies target the market for small and medium-sized businesses. CrystalTech, based in Phoenix, Ariz., hosts more than 30,000 active sites, including 25,000 running on Windows Server 2003.

CrystalTech President and CEO Tim Uzzanti said the pressure to reach new prospects in the price-sensitive hosting industry was a major factor in seeking an acquirer. "The problem is that marketing a single product or service line to what is a largely untapped market costs money, and those costs are generally passed on to the end user in the form of higher service fees or other add-ons." The deal allows CrystalTech's hosting services to be marketed to NewTek's base of existing customers.

Continue reading