Koala loses a little karma with Ubuntu.com

Ubuntu.com was unavailable for some short periods during yesterday's release of Ubuntu 9.10 "Karmic Koala":

Ubuntu.com uptime during Ubuntu 9.10 release day

The 9.10 versions of Kubuntu, Xubuntu, Edubuntu, Mythbuntu, and Ubuntu Studio were also released at the same time.

The Ubuntu.com website is itself powered by an Ubuntu server running Apache 2.2.8. Netcraft's October Web Server Survey found a total of 1.4 million websites being served from known Ubuntu machines, nearly all of which were running the open source Apache web server.

White House goes Open Source

The White House launched a new version of its website on Saturday. While little has changed on the surface, the underlying technology is now powered by the open source Drupal content management system.

White House hosting history

The www.whitehouse.gov site was previously served by Microsoft IIS 6.0, but the new server software identifies itself as "White House". The new site continues to use Akamai's content delivery network for caching.

White House server headers

Drupal is the 6th largest PHP-based content management system in Netcraft's Web Server Survey, being found on more than 400,000 websites. Drupal's security will no doubt be put to the test in the coming weeks, as the White House website has always stood as an obvious target for hackers. Drupal's security team has a full disclosure policy of announcing security problems after they have been fixed, rather than withholding the information from its users.

Drupal's core security advisories are made public at http://drupal.org/security. Eight advisories have been published so far this year, which have included two highly critical file inclusion flaws which could have allowed remote attackers to execute code on Windows servers.

Citigroup Phishing surged after Wachovia Announcement

American financial services company Citigroup suffered a deluge of phishing attacks after Monday's news that it intended to acquire the banking operations of Wachovia Corporation.

The credit crisis has triggered a number of acquisitions in recent months, and fraudsters have previously tried to exploit such events by orchestrating phishing attacks against the acquiring companies. One motivation for these types of attack is the increased chance of success when potential victims have less familiarity with the genuine website that is being fraudulently mimicked.

However, the timing of this week's attacks may be coincidental — and subsequently Wachovia has announced that it will instead merge with Wells Fargo.

Citigroup phishing

Netcraft offers a countermeasures service to help banks and other financial organizations take down phishing sites. This service complements Netcraft's Phishing, Identity Theft and Bank Fraud Detection service and its free Anti-Phishing Toolbar.

MySpace adopts Windows Server 2008

MySpace has become one of the first very busy sites to adopt the use of Windows Server 2008, using the new Microsoft operating system on its redirection site at msplinks.com.

MySpace started using the msplinks.com site last year, in a bid to protect its users against spamming and phishing attacks. When users added a link into MySpace, the URL would be replaced with a link to msplinks.com, which would then redirect to the intended URL. This gave MySpace greater control over the links that originated from their site, allowing them to disable the links if they are found to point to spam, viruses or phishing sites.

MySpace initially received criticism for implementing their redirection system, as it resulted in all destination URLs being converted to lowercase. For some users, this broke links to popular sites such as YouTube, which uses case-sensitive URLs for its videos (e.g. http://www.youtube.com/watch?v=eBGIQ7ZuuiU).

While the msplinks.com server exhibits the TCP/IP characteristics of Windows Server 2008, and runs Microsoft's IIS 7.0 web server software, the main MySpace site at myspace.com continues to use IIS 6.0 and Windows Server 2003. Netcraft's Web Server Survey contains more than 8 million sites hosted by myspace.com.

'Msplinks' that are no longer in service cause the user to be redirected to a MySpace error page, which states that, "...the link was very naughty, and, much like head lice, had to be eliminated before it spread." The page then goes on to describe the possible reasons for the link being disabled.

A casual glance at the msplinks.com homepage reveals a distinct lack of content; however, the purpose of the site is contained in a hidden message written in white text, which can be viewed by highlighting the contents of the page, or viewing the HTML source:


Windows Server 2008 Sighted at www.microsoft.com and around the web

Microsoft has recently switched its main website, www.microsoft.com to Windows Server 2008 and Microsoft-IIS/7.0.

Although Windows Server 2008 is not yet released, Beta 3 is publicly available for early adopters to use. Internet Information Server 7 is already released, but will probably not see widespread use until Windows Server 2008 (formerly "Longhorn") is released, since it only runs on Windows Server 2008 or Windows Vista.

There are already around 2,600 sites running Windows Server 2008 on the Internet. Whilst some of the servers running Windows Server 2008 are at Microsoft itself, the majority are not, with developers and hosting companies taking advantage of Windows Server 2008's availability under a Go Live license which allows the beta to be used for testing or in a live environment without cost.

Windows Server 2008 is due to be released in the second half of 2007, although there has been media speculation - fueled by the 2008 name - that a release may be at the end of that period. Once it is released, it could be expected to take a long time for large numbers of sites to move over to the latest version; it took several years for the installed base of Windows Server 2003 to overtake Windows 2000, and there are still some 5 million sites running on Windows 2000 even today.

Internet Passes 600,000 SSL Sites

Netcraft's SSL Survey has found more than 600,000 SSL sites on the Internet for the first time this month. SSL sites are used by ecommerce sites, online banking and financial services, and other secure online service providers.

Netcraft's survey of SSL sites has now been running for over ten years. The first survey, in November 1996, found just 3,283 sites; since then, the number of SSL sites has had an average compound growth of 65% per annum.

Number of secure sites 1997-2007


The survey is a good guide to the growth of online trading and services. The survey counts sites by collecting SSL certificates; each distinct, valid SSL certificate is counted in the results. Each SSL certificate typically represents one company's details, and each certificate must be approved by a certificate authority, so the data is typically more consistent and less volatile than other attributes of the Internet's infrastructure.

Continue reading