1. Microsoft Updates Fix for Critical Win2K Hole

    Microsoft has issued workaround instructions for a buggy patch released last Tuesday as part of its monthly security update. The patch repairs a critical security hole that could leave Windows 2000 systems open to an Internet worm attack. Microsoft says that few systems have been affected by issues with the update for a security hole known as MS05-051, which could allow attackers to gain control of Windows 2000 computers via an unchecked buffer in the Microsoft Distributed Transaction Coordinator (MSDTC).

    Late last week users began reporting significant problems on some Windows XP, Windows 2000 and Windows Server 2003 systems after the patch was applied. Although few users were directly affected, the bug reports may have prompted many network administrators to delay patching their systems until the issues were resolved.

    Posted by Rich Miller on 17th October, 2005 in Security

  2. Video iPod Launch Slows Apple Store

    The Apple Store was offline for more than an hour following the launch of a new video-enabled iPod, which was unveiled today after months of anticipation. While the launch of a new Apple product routinely leads to brief "restocking" outages for the Apple store, today's downtime was longer than usual, perhaps due to web traffic generated by the pent-up curiosity of iPod lovers.

    The video iPod has a 2.5-inch screen and will sell for $299 with the 30-gigabyte hard drive and $399 with 60 gigs. Apple's iTunes store will now sell music videos and some TV programming at $1.99 per video.

    Posted by Rich Miller on 12th October, 2005 in Performance

  3. OpenSSL Patches Security Hole

    OpenSSL has released a software update to fix a flaw that could make it easier for hackers to attack secure web servers. The security issue could allow attackers to force an SSL-enabled site to use the outdated and potentially insecure SSL version 2.0 protocol.

    Some secure web sites allow visitors to connect using earlier versions of SSL, an option which can be enabled by OpenSSL's SSL_OP_ALL setting. Normally, web servers will default to the most current encryption protocol supported by the user's browser, usually TLS or SSL version 3. But a flaw in the SSL_OP_ALL implementation could allow an attacker to trick the server into using SSL 2.0.

    "An attacker acting as a 'man in the middle' can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0," notes the advisory from OpenSSL. "The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only." The OpenSSL Project is advising users to either upgrade their server software with the latest version or disable SSL 2.0 entirely.

    Posted by Rich Miller on 11th October, 2005 in Security

  4. Phishing Defense a Key Factor in eBay-VeriSign Deal

    Paypal will implement strengthened anti-phishing measures for up to 1 million users next year through a deal announced yesterday between VeriSign and eBay, which operates Paypal. While most of the headlines focused on eBay's purchase of VeriSign's payment processing unit for $370 million, the most widely-felt benefit of the deal will likely be the enhanced security for Paypal, which has been relentlessly targeted by phishing scams.

    The agreement calls for eBay to buy up to 1 million two-factor authentication tokens from VeriSign. eBay and PayPal plan to begin the rollout of two-factor authentication to customers in 2006, including marketing and security programs designed to "promote customer adoption."

    Posted by Rich Miller on 11th October, 2005 in Security

  5. VeriSign Acquires Weblogs.com, Declares War on ‘Splogs’

    VeriSign has acquired Weblogs.com, the primary weblog "ping" service tracking how often weblogs are updated. The deal capped a wild Thursday in the blogosphere, which started with the announcement that America Online has bought Weblogs Inc., one of the most prominent blogging networks.

    While the AOL-Weblogs Inc. deal is focused on content, VeriSign's purchase of Weblogs.com from founder Dave Winer is all about infrastructure. "For a long time, ping servers could be stood up as a single box running on a fast business DSL connection," noted VeriSign's Mike Graves on the company's Infrablog. "Those days have passed at least for the popular ping servers; pings are well on their way to requiring serious infrastructure. That’s where VeriSign comes in."

    Posted by Rich Miller on 7th October, 2005 in Security

  6. October 2005 Web Server Survey

    In the October 2005 survey we received responses from 74,409,971 sites, an increase of 2.68 million sites from the September survey. The large gain makes 2005 the strongest year ever for Internet growth, as the web has added 17.5 million sites, easily surpassing the previous annual mark of 16 million during the height of the dot-com boom in 2000.

    This month also saw movement in web server market share for the first time in many months, with Windows servers gaining 0.75 percent market share in active sites, while Apache's share fell by 0.67 percent. Apache continues to maintain a large lead in both active sites and hostnames, and in fact improved its share by 0.74 percent in hostnames. With this month's growth, Apache now powers more than 50 million sites.

    Total Sites Across All Domains, August 1995 - October 2005

    Graph of market share for top servers across all domains, August 1995 - October 2005

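    Top Developers

    | Developer | September 2005 | Percent | October 2005 | Percent | Change |
    |-----------|----------------|---------|--------------|---------|--------|
    | Apache    | 49598424       | 69.15   | 52005811     | 69.89   | 0.74   |
    | Microsoft | 14601553       | 20.36   | 15293030     | 20.55   | 0.19   |
    | Sun       | 1868891        | 2.61    | 1889989      | 2.54    | -0.07  |
    | Zeus      | 584598         | 0.82    | 585972       | 0.79    | -0.03  |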

    Posted by Netcraft on 4th October, 2005 in Web Server Survey