Netcraft is now publishing articles via an RSS feed which is available at http://news.netcraft.com/index.rdf.
Postings to the mailing list will also become more frequent, with articles continuing to cover technology adoption, security, hosting, and Netcraft services.
nCipher and Verisign today launched
the world's first hardware SSL certificates. An SSL certificate stored in dedicated cryptographic hardware initially seems superfluous, but there are some bona fide advantages.
The Apache Project have announced that versions of Apache/2.0 up to and including Apache/2.0.44 are vulnerable to a denial of service attack. To fix the problem, the project has released Apache/2.0.45 which is available for download.
People running Apache servers should note that the vulnerability only applies to Apache/2.0 and not Apache/1.3. In this respect the bug is not a big threat to the stability of the web - it is a denial of service rather than a remote compromise and the number of sites running Apache/2.0 is relatively small. Almost 99% of Apache sites are on Apache/1.3 or earlier.
Since we started the Web Server Survey in 1995, a longstanding theme of Netcraft's internet exploration work has been the issue of how best to reassure webmasters and systems administrators that requests they may see originating from Netcraft's network are benign, and do not in any way convey aggressive intent.
Earlier today an RFC was published by Internet pioneer Steve Bellovin which addresses this scenario. Bellovin's idea is that the sender's intentions, whether good or bad, should be stated directly in the TCP header information using a security flag [termed the "evil bit" by Bellovin]. It is intended that network protection devices such as routers, firewalls and Intrusion Detection Systems should defend their networks against packets where the evil bit is set, but otherwise assume that traffic is benign. Groups aligning themselves with RFC 3514 include the FreeBSD project, [who have already coded an implementation] and the nmap scanner.
Further to our article on the widespread availability of WebDAV on Microsoft-IIS/5.0 sites, Roman Medina and Rafael Nunez have each published the sources to programs written to exploit the vulnerability.
Additionally, David Litchfield has produced a paper emphasizing that the problem is a core DLL in Windows 2000 that is possible to exploit without recourse to the published Microsoft-IIS WebDAV vulnerability.
Expert opinion is that no unpatched Windows 2000 machines are safe.
Netcraft's network exploration services may be useful for people managing large networks of Windows 2000 servers. In particular, we can report machines not yet rebooted since the availability of Microsoft's patch and determine availability of WebDAV functionality on those machines.
Please mail us if interested.
In the March 2003 survey we received responses from
Market Share for Top Servers Across All Domains August 1995 - March 2003
|Developer||February 2003||Percent||March 2003||Percent||Change|