Hackers Targeting Security Hole in TWiki

A serious security hole has been discovered in TWiki, the popular open source collaboration software. The vulnerability allows remote attackers to execute shell commands on affected systems, and is already being actively exploited, with some analysts warning that a worm could soon follow. A hotfix is available from the TWiki web site.

TWiki is an enterprise collaboration platform typically used on development projects. It is used for internal communications at companies including IBM, Yahoo, Circuit City, Reuters, Boeing, General Electric, Wachovia and ZoneLabs. Some large companies use it to run web-facing Wikis, such as British Telecom's UK Telco B2B Forum.


Apache Rejects Sender ID Proposal

The Apache Project has rejected the Sender ID proposal for e-mail user authentication, saying the terms of Microsoft's license for the underlying technology make it incompatible with open source software. The decision illustrates how anti-spam efforts have become the latest battleground between the open source community and Microsoft.

Apache's decision, outlined in a letter to the Internet Engineering Task Force (IETF), culminates weeks of discussion among the IETF, Microsoft and open source advocates over whether Sender ID could work as a standard framework for anti-spam measures.

"The current Microsoft Royalty-Free Sender ID Patent License Agreement terms are a barrier to any (Apache) project which wants to implement Sender ID," Apache chairman Greg Stein said in the letter. "We believe the current license is generally incompatible with open source, contrary to the practice of open Internet standards, and specifically incompatible with the Apache License 2.0. Therefore, we will not implement or deploy Sender ID under the current license terms."


PC Magazine places Netcraft as a Top 100 Classic Web Site

PC Magazine has awarded Netcraft a place in its 2003 Top 100 Classic Web Sites. Classic sites are defined as "perennial favorite, category leading sites", which one would most miss if stranded on a desert island.

PC Magazine is one of the world's leading computer publications with 6 million readers.

Solaris sites curiously slow to upgrade

A couple of months ago we highlighted the low number of sites migrating to Apache/2.0, and contrasted it with the speed at which site administrators adopted Apache/1.3.26, which contained a fix for a potential buffer overflow problem.

Even more surprising, if anything, is the slow adoption of new versions of Sun's Solaris operating system. Solaris 9, released in May this year, is running on fewer than 1000 web site IP addresses found by the September survey, and there are roughly twice as many sites running Solaris 2 & Solaris 7 as are running Solaris 8, released in March 2000.

OS             IP Addresses
Solaris 2/7    165,527
Solaris 8      81,730
Solaris 9      987

Historically, slowness to gather upgrade revenue has usually been a portent of trouble to come for web technology vendors, and the figures coincide with Sun's difficulties generating revenue and profits over the last eighteen months. By contrast, Windows .Net Server, which is not yet scheduled for release, has almost as many IP addresses as Solaris 9, including some impressive, high volume sites, such as Nasdaq.

Sun would reasonably point out that their boxes typically cost a lot more, and the upgrade cycle for more expensive kit could be expected to be slower.