FOX employee data leaked “for the lulz”

Following last week's release of the X Factor 2011 contestant database on BitTorrent, The Lulz Boat (LulzSec on Twitter) has today released the passwords and email addresses of dozens of FOX employees.

Other files uploaded by LulzSec today suggest that the data may have been obtained through a hidden PHP script planted on fox.com, which allowed unauthorised access to a live production database. The attackers also listed the locations and partial content of several PHP configuration files on the server.

Earlier this week, two FOX Twitter accounts were also compromised. Both FOX UP and Fox 15 were hacked, presumably by LulzSec:

LulzSec also claimed to have hacked into 14 LinkedIn accounts belonging to FOX staff. The addresses of the affected accounts were posted on Pastebin.com on Monday, but the profiles have since been taken down.

LulzSec deny being vigilantes, cyberterrorists, or having any political motives. They say "we do it for the lulz" – an expression made popular by a FOX11 news report from 2007, which is often mocked for its inaccurate portrayal of the group Anonymous. Sven Slootweg, owner of AnonNews.org, described the FOX11 report as "complete nonsense" and told Netcraft that it had "spawned a ton of memes".

Sony PlayStation Store back online

Parts of the Sony PlayStation Network are coming back online after more than two weeks of continuous downtime.

The PlayStation Store website went online around 02:00 UTC today, although online gaming services through the PlayStation Network are still undergoing maintenance.

Sony yesterday began the final stages of testing the new PlayStation Network and Qriocity services, making sure they are secure before the services are relaunched.

Six days after the PlayStation Network was taken offline, Sony revealed that 77 million users' names, addresses, email addresses, birth dates, logins and passwords had been compromised by hackers. Although the passwords were transformed with a cryptographic hashing function, weak passwords may nonetheless be vulnerable to offline brute-force attacks. Accordingly, Sony recommended that users change their passwords if they use the same credentials for other, unrelated services.

Although credit card details were stored in an encrypted format, these could also be at risk if the decryption key was stored on, or made available to, any of the compromised servers. However, as of Wednesday, the major credit card companies have not reported any fraudulent transactions resulting directly from the Sony security breach.

Possible security breach at LastPass forces master password changes

LastPass is forcing its users to change their master passwords following a possible security breach. The free, multiplatform password manager software allows individuals to store passwords for many different websites, all of which can then be accessed using a single master password.


LastPass users only need to remember their master password to log into any website.

Users were notified of the issue after LastPass identified anomalous outbound network traffic. Although this traffic could not be accounted for, the amount of data transferred was big enough to include people's email addresses, the server salt and salted password hashes. This would provide enough information for a hacker to carry out an offline brute-force attack against the hashes, possibly allowing plaintext passwords to be recovered from many users.

LastPass remains unsure of what has actually happened, but prudently assumed the worst, noting that, "We realize this may be an overreaction and we apologize for the disruption this will cause, but we'd rather be paranoid and slightly inconvenience you than to be even more sorry later."

May 2011 Web Server Survey

In the May 2011 survey we received responses from 324,697,205 sites.

Apache exhibited by far the largest growth this month, gaining 12.5M hostnames and over 1.5 percentage points of market share. SoftLayer saw the largest increase, gaining 3.0M hostnames, while Earthlink took a big drop, losing 1.3M.

Microsoft only gained 0.8M hostnames this month, losing them half a percentage point of market share. Rackspace and GoDaddy both showed notable growth, 260k and 280k respectively, but Intergenia AG suffered a fairly big loss of 1.1M hostnames at server4you.net in the US.

nginx and lighttpd both saw small gains of 381k and 21k respectively, while Google gained a much larger 1.5M hostnames.

The Tōhoku Earthquake has not caused any significant drops in the number of sites seen by the survey, though Japan's growth this month of 231k hostnames was about two thirds of what was seen in March (345k) and April (389k).

In Libya, where most of the country's internet access was cut off in early March, hostnames have dropped by about 95% from 917 to just 42. The recent mass protests and political turmoil experienced by other North African and Middle Eastern countries, such as Tunisia, Egypt and Syria, has not yet resulted in any noticeable changes to the countries' hostname numbers.

Total Sites Across All Domains
August 1995 - May 2011

Total Sites Across All Domains, August 1995 - May 2011


Market Share for Top Servers Across All Domains
August 1995 - May 2011

Graph of market share for top servers across all domains, August 1995 - May 2011


DeveloperApril 2011PercentMay 2011PercentChange
Apache191,139,96661.13%203,609,89062.71%1.58
Microsoft58,867,09718.83%59,646,77818.37%-0.46
nginx23,463,6697.50%23,850,2657.35%-0.16
Google14,690,4224.70%16,219,8245.00%0.30
lighttpd1,862,9630.60%1,884,8760.58%-0.02
Continue reading

Most Reliable Hosting Company Sites in April 2011

Rank Company site OS Outage
hh:mm:ss
Failed
Req%
DNS Connect First
byte
Total
1 Rackspace F5 Big-IP 0:00:00 0.008 0.120 0.063 0.127 0.127
2 www.qubenet.net Linux 0:00:00 0.015 0.081 0.043 0.088 0.088
3 www.netcetera.co.uk Windows 0:00:00 0.015 0.067 0.071 0.143 0.288
4 Datapipe FreeBSD 0:00:00 0.019 0.124 0.008 0.019 0.026
5 New York Internet FreeBSD 0:00:00 0.019 0.167 0.063 0.126 0.341
6 www.logicworks.net Linux 0:00:00 0.027 0.114 0.064 0.142 0.344
7 INetU unknown 0:00:00 0.031 0.097 0.039 0.101 0.242
8 Hosting 4 Less Linux 0:00:00 0.035 0.122 0.096 0.195 0.422
9 www.serverbeach.com Linux 0:00:00 0.039 0.076 0.007 0.047 0.080
10 www.poundhost.com Linux 0:00:00 0.039 0.215 0.061 0.136 0.260

See full table

Heading the table for April with only two failed requests from any of the performance monitors during the month was Rackspace. Rackspace provides managed and cloud hosting from nine datacentres in the U.S., the U.K. and China. Rackspace frequently features in Netcraft's top ten most reliable hosting companies, having appeared five times in the last year.

Second most reliable this month was Qube, a London-based hosting company which also has datacentres in New York and Zurich. Qube provide managed hosting, managed colocation and cloud hosting for a wide variety of customers, particularly in the areas of finance and new media. Although Qube has previously appeared in the top ten, this is the first time the hosting company has made it to the top three.

The third most reliable hosting company in April was Netcetera. Netcetera experienced the same number of failed requests as Qube, but had a longer average connection time. Netcetera provides a wide range of colocation, hosting and cloud services to customers throughout the world.

Five of the top ten sites this month were running on Linux, two were running on FreeBSD, and one on Windows. Rackspace's site, which performed best this month, is hosted on F5 Big-IP.

Netcraft measures and makes available the response times of around forty leading hosting providers' sites. The performance measurements are made at fifteen minute intervals from separate points around the internet, and averages are calculated over the immediately preceding 24 hour period.

From a customer's point of view, the percentage of failed requests is more pertinent than outages on hosting companies' own sites, as this gives a pointer to reliability of routing, and this is why we choose to rank our table by fewest failed requests, rather than shortest periods of outage. In the event the number of failed requests are equal then sites are ranked by average connection times.

Information on the measurement process and current measurements is available.

Fire at data centre sends Aruba offline

Italian hosting company Aruba was knocked offline for a few hours today after a fire broke out in the centre of a server farm.

Aruba said the fire involved UPS batteries and confirmed that no servers had been damaged; however, the fire alarm system caused the power to be cut, sending many websites offline. Aruba started restoring power once it was deemed safe to do so.

At the time of writing, Aruba has restored 2 out of 3 data rooms and warns that the ongoing UPS restoration may result in unexpected downtime if there are any further power interruptions. Further updates can be found on Aruba's Twitter page.