ChoicePoint Fined $10 Million for Data Breach

ChoicePoint will pay $10 million in civil penalties and another $5 million to set up a fund to compensate consumers whose financial records were exposed in a massive data breach last year, the Federal Trade Commission (FTC) announced today. The fine is believed to be the largest ever for a security incident, and signals Washington's growing impatience with corporate security breaches.

"The message to ChoicePoint and others should be clear: Consumers’ private data must be protected from thieves," said Deborah Platt Majoras, Chairman of the FTC. "Data security is critical to consumers, and protecting it is a priority for the FTC, as it should be to every business in America."

ChoicePoint provides data to credit providers, government agencies and landlords. Earlier today it reported $1.1 billion in revenue for 2005. In late 2004 criminals using falsified credentials were able to sign up for sensitive ChoicePoint services and access account information for 163,000 consumers, the FTC said.

Continue reading

DDoS Attack Cited in Million Dollar Homepage Outage

The company hosting the Million Dollar Homepage says an electronic attack was responsible for the extended outages earlier today. The distributed denial of service (DDoS) occurred as college student Alex Tew sold the final 1,000 pixels if his innovative ad service in an eBay auction for $38,100. The attack left the milliondollarhomepage.com site unreachable for large portions of the day, as seen in a performance chart for the site.

"The site received a major DDoS attack, and DDoS protection/prevention was not included in the customer's plan," Russell Weiss of InfoRelay Online Systems, Inc. wrote in an e-mail to Netcraft. "That said, we voluntarily took a number of steps to alleviate this attack while working within the appropriate budget." InfoRelay is the owner and operator of Sitelutions, which hosts the Million Dollar Homepage.

Tew has promised to keep the site online for at least five years. The DDoS attacks raise the prospect that operating milliondollarhomepage.com may prove more expensive than Tew originally envisioned. Tew will not be charged for any additional bandwidth consumed by the attack. But as Weiss noted, defense against DDoS attacks is typically a paid service not included with basic hosting accounts.

Continue reading

Million Dollar Homepage Hit By Downtime

The Million Dollar Homepage was unavailable for an extended period early today, as huge publicity accompanied the completion of Alex Tew's novel online advertising service. Tew, a 21-year-old UK college student, sold the final 1,000 pixels for $38,100 in an eBay auction that closed Wednesday, netting Tew a total of $1,037,100 in total ad sales. The winner of the auction has not yet been announced. Tew launched the site in September to pay his college expenses, offering 1 million pixels of ad space at $1 a pixel.

The gimmick has paid off in huge web traffic. Milliondollarhomepage.com has received up to 500,000 unique visitors per day, and uses up to 200 megabits per second of Internet bandwidth, according to its host, Sitelutions. The Million Dollar Homepage is scheduled to remain online for five years, and appears to now be back online after several hours of downtime, which can be seen in this performance chart:

milliondollarhomepage.com site performance

A dynamically updating performance chart is available for milliondollarhomepage.com. Netcraft offers a web site performance monitoring service that provides similar charts, along with e-mail alerts when an outage occurs.

Continue reading

MacWorld Expo Site Falters During Jobs Keynote

The official web site for the MacWorld Expo was bogged down by heavy traffic today as Apple CEO Steve Jobs took the stage at the Moscone Center for his annual keynote address. In a repeat of last year's keynote, the crush of surfers eager for details on the latest Apple products slowed macworldexpo.com to a crawl. The site was knocked offline Monday night, apparently from traffic chasing the latest rumors about new product unveilings. On Jan. 3 the site (which ironically is powered by Windows Server 2003) was shifted to new hosting digs at Level 3, perhaps in anticipation of heavy traffic during the annual MacWorld show.

Mac enthusiast sites adapted their sites to manage the extra traffic, as the Mac News Network went to an all-text, ad-free page as it live-blogged Jobs' speech.

macworldexpo.com Site Performance

A dynamically updating performance charts are available for the www.macworldexpo.com site.

January 2006 Web Server Survey

In the January 2006 survey we received responses from 75,251,256 sites, an increase of 897K sites from December 2005. With the gain, the Internet resumes its pattern of steady growth, which was interrupted last month with a decrease of 219K hostnames, which was the first decline in the survey nearly three years. The loss was the result of the expiration of 1 million .name domains at Zipa.

This month's analysis shows how changes at a single large provider can influence survey trends. The market share for the Apache web server is down by nearly three percent this month, due primarily to configuration changes at domain registrar Go Daddy. Its bulk hosting service includes a front-end system that generates an HTTP redirect when a site is first accessed — and this redirect is not served by (or, at least, does not identify itself as) Apache. Once the redirect is followed, or if the site is accessed a second time, it is then served by Apache. So this change (which, given the large number of sites hosted by Go Daddy, has not gone unnoticed), has caused a large swing from Apache to Unknown.

Total Sites Across All Domains August 1995 - January 2006

Total Sites Across All Domains, August 1995 - January 2006

Graph of market share for top servers across all domains, August 1995 - January 2006

Top Developers
DeveloperDecember 2005PercentJanuary 2006PercentChange
Apache5202538069.975050284067.11-2.86
Microsoft1555778620.921551095320.61-0.31
Sun18818612.5318798562.50-0.03
Zeus5773840.785615240.75-0.03

Continue reading

Who can block the largest number of phishing sites in January?

The Netcraft Toolbar blocked more than 41,000 phishing attacks in its first year. To get the new year off to a good start, Netcraft will send a top of the range iPod [or item of equivalent value for anyone who has already received a "Thanks for all the Phish" commemorative iPod from Netcraft] to the five people who have the largest number of phishing reports accepted during January, and a Netcraft sweatshirt to the 50 people with the next largest numbers of accepted reports.

To track the progress, we have created a leaderboard displaying the people with the largest number of accepted reports so far in January, identified by their first names to preserve their anonymity.

Including the toolbar community itself and customers of ISPs using our Phishing site feed, well over a million people are protected from phishing by the Netcraft Toolbar.

The Netcraft Toolbar is available for both Internet Explorer and Firefox, and serves as a giant neighborhood watch scheme for the Internet, in which members who encounter a phishing fraud can act to defend the larger community of users against the attack. Once the first recipients of a phishing mail have reported the target URL, it is blocked for toolbar users who subsequently access the URL and widely disseminated attacks simply mean that the phishing attack will be reported and blocked sooner.

Reporting a Suspicious URL

When you visit a page that you believe to be a phishing site, or contains fraudulent or deceptive content, we ask that you report it so that other toolbar users will benefit from your vigilance. The more sites that are reported, the more useful the toolbar will become for everyone.

You can report a URL by clicking on "Report a Phishing Site" in the toolbar menu, accessed by clicking on the Netcraft logo:

reportphish.png

After you report a URL, Netcraft will review the report and block the page if we confirm it as part of a phishing attack.