Slashdot Mirror

First when I saw it slashdotted, I thought ... bet the server is not running Linux!

Check it out:

http://toolbar.netcraft.com/site_report?url=http:/ /www.itbusinessedge.com

Don't let your insane hatred of Microsoft blind you to reality. Botnets are not an OS problem, they're a process, people and security problem. You can't change that (or anything else) by claiming everything you think is wrong is Microsoft's fault, or whining that anyone who points out otherwise is employed by them. Your little "if you don't hate everything I do and think the same way I do then you must work for M$" mantra gets more annoying every day.

Hillary Clinton - Registered via NetworkSolutions?!? Must have money to burn.
John Edwards - Can he make up his mind on a OS?
Barack Obama - Full Linux
Rudy Giuliani - Windows only, but only one entry
John McCain - From FreeBSD to MS? Did MS donate to you?
Mitt Romney - All but one Linux (that one is unknow, but I would say Linux)

Everyone but Hillary registered with GoDaddy

Hillary Clinton - Registered via NetworkSolutions?!? Must have money to burn.
John Edwards - Can he make up his mind on a OS?
Barack Obama - Full Linux
Rudy Giuliani - Windows only, but only one entry
John McCain - From FreeBSD to MS? Did MS donate to you?
Mitt Romney - All but one Linux (that one is unknow, but I would say Linux)

Everyone but Hillary registered with GoDaddy

Hillary Clinton - Registered via NetworkSolutions?!? Must have money to burn.
John Edwards - Can he make up his mind on a OS?
Barack Obama - Full Linux
Rudy Giuliani - Windows only, but only one entry
John McCain - From FreeBSD to MS? Did MS donate to you?
Mitt Romney - All but one Linux (that one is unknow, but I would say Linux)

Everyone but Hillary registered with GoDaddy

Hillary Clinton - Registered via NetworkSolutions?!? Must have money to burn.
John Edwards - Can he make up his mind on a OS?
Barack Obama - Full Linux
Rudy Giuliani - Windows only, but only one entry
John McCain - From FreeBSD to MS? Did MS donate to you?
Mitt Romney - All but one Linux (that one is unknow, but I would say Linux)

Everyone but Hillary registered with GoDaddy

Hillary Clinton - Registered via NetworkSolutions?!? Must have money to burn.
John Edwards - Can he make up his mind on a OS?
Barack Obama - Full Linux
Rudy Giuliani - Windows only, but only one entry
John McCain - From FreeBSD to MS? Did MS donate to you?
Mitt Romney - All but one Linux (that one is unknow, but I would say Linux)

Everyone but Hillary registered with GoDaddy

Hillary Clinton - Registered via NetworkSolutions?!? Must have money to burn.
John Edwards - Can he make up his mind on a OS?
Barack Obama - Full Linux
Rudy Giuliani - Windows only, but only one entry
John McCain - From FreeBSD to MS? Did MS donate to you?
Mitt Romney - All but one Linux (that one is unknow, but I would say Linux)

Everyone but Hillary registered with GoDaddy

Netcraft and Secunia confirms it!

At 58.7%, Apache 2 had 33.
At 31.0%, IIS 6 had 3.

Those were vulnerabilities reported since 2003, or 11 and 1 per year, respectively. That would seem to suggest market share does correlate.

However, using the CERT vulnerability database dating back to 2000:

IIS gets around 22 and Apache almost 30.

Conclusion? Apache has predictably shown more vulnerabilities than IIS versions over the same time period, correlating a direct market share to vulnerability relationship (although not in strictly 1:1 proportions). Prior to 6 revs of IIS show it's crap vs. Apache. However, recent revisions to IIS show a *substantial* decrease in that proportion of market share to vulnerabilities, which Apache has not shown.

Looks like ebay is run mostly on windows and IIS. See here

It might not be possible to fix their system.

According to Netcraft, eBay appears to heavily use Microsoft software for their main North American operations. If that list is correct, it seems that most of their sites run on Windows 2000 or Windows Server 2003, using IIS 5.0.

If these exploits are due to problems within Windows or IIS, it's basically outside of eBay's control as to whether or not such things get fixed. But we also have to question the competency of developers who would choose to base any significant, Web-based system on Windows. From a technical standpoint, it is insufficiently secure, and thus anybody in the know would avoid it. Web sites like eBay call for the use of high-quality, high-security operating systems like Linux, Solaris, HP-UX and AIX.

Maybe you shouldn't bother with the patches. If you're running any of the well-known PHP software, there's a good change your server has already been compromised by one or more such script kiddies.

I actually persuaded my business partner to authorise a 2-month long project to reimplement all the features we need from phpBB from scratch, rather than use original code, just for this reason. It didn't take much work to convince him that we didn't want the hassle of having to deal with regular 0-day exploit scripts in the wild.

Maybe you shouldn't bother with the patches. If you're running any of the well-known PHP software, there's a good change your server has already been compromised by one or more such script kiddies.

I actually persuaded my business partner to authorise a 2-month long project to reimplement all the features we need from phpBB from scratch, rather than use original code, just for this reason. It didn't take much work to convince him that we didn't want the hassle of having to deal with regular 0-day exploit scripts in the wild.

According to Netcraft the RadarSync site runs on Apache/2.0.40 Red Hat Linux:

http://toolbar.netcraft.com/site_report?url=http:/ /www.radarsync.com

You know what? That 404 page being a complete IIS/Windows/Microsoft advertisement in name of "help" is really insightful for me and some others.

I mean the fact that RIAA/MPAA somehow loves using Microsoft software.

RIAA hides their OS for some reason but it can be easily found in IIS 404 page like http://www.riaa.com/test.html

A true open or documented independent codec (e.g. h264) based web market which everyone can sell their art without those leeches are bad for Microsoft too, where would be "Sorry, Windows needed to purchase our music/movie" messages? Where would be Microsoft?

BTW congratulations to MPAA for porting IIS/6.0 to Linux! http://toolbar.netcraft.com/site_report?url=http:/ /www.mpaa.org

I fail to understand the point of this article. Explain to me again how the world is worse-off because IBM chose to open the code for Eclipse. Hall's argument appears to be that opening code may advantage a company like IBM by forcing smaller competitors like Borland to compete against a zero-cost product. That argument seems pretty myopic to me, to say the least. It reflects an outdated view of the software marketplace that ignores the fast-growing competitive threat of free software. Borland and other proprietary software companies are no longer competing just against one another. Their competitors now span the globe and include individual developers, noncommercial cooperatives, and yes, even some commercial entities like RedHat and IBM.

I guess I no longer care whether companies like Borland survive. Their contemporary equivalents now display their wares at SourceForge. In another ten or twenty years, many more people will look to open-source repositories, and not to Microsoft, IBM, Borland, Staples, or download.com, when they want to find some new piece of software. Of course, there's already so much free software available that all or most of the programs most ordinary people need are already included for free on a Linux distribution CD.

Sure IBM has enough resources that they can develop a product like Eclipse and give it away, but what's the harm in that? Society as whole almost certainly benefits, if only in an economic sense, whenever commercial software can replaced by an effective no-cost alternative. Many of us, myself included, think that society also benefits, and perhaps benefits more greatly, when that no-cost alternative is also open-sourced and freely redistributable.

Open source has its greatest competitive advantage when it's written to fulfill some commodity function, be it serving up web pages, displaying a graphical desktop, or providing tools to develop software. These days an IDE is a commodity and not likely to be a major profit center in the years ahead.

Soon after the invention of web, a number of companies attempted to sell proprietary web-server software. Most of those companies are gone, destroyed by a bunch of ne'er-do-wells who took free software (NCSA httpd -- paid for by the US taxpayers no less) and refined it into the dominant web server on the planet. Even Sun and Tim O'Reilly probably aren't all that sad about the failure of their efforts to make money selling web-serving software. O'Reilly has no doubt made more money selling books about Apache and related software like PHP than it ever would have selling the web server software itself. Maybe that's why O'Reilly left the software business in 2001.

If having open software means that some 13-year-old who wants to learn Java can do so more easily with Eclipse, in the long run everyone benefits. If companies can't compete effectively against open-sourced software products, then that money would be better invested in some other endeavor.

From netcraft, it would appear that they just switched. Hmmm.

run Windows for their website?

Any kind of web insanity is likely to come from the people who, according to Netcraft, manage to run IIS on Solaris.

Their website is probably run by a grid of PPC macs...

Promoting sex outside of marriage! Just how low will these "people" go?

The government's site is running Debian with Apache

http://toolbar.netcraft.com/site_report?url=http:/ /www.guv.ro

Ummmm, no. You asked for citations, and I gave them. The personal insults are gratis.

Sorry, I somehow broke the third link, it should have been The largest movement of sites from Apache to IIS was once again at Go Daddy, with over 1.6M hostnames moving from Apache to IIS this month.

> Nowhere in said pages is information related to Microsoft paying GoDaddy.
You're aware, aren't you, that GoDaddy still hosts their real (non-parked) sites on Apache, aren't you?

> Nowhere in said pages is information related to Microsoft paying GoDaddy. Only information which indicates GoDaddy switched and Microsoft was very pleased was to be found.
Dude, you're killing me. GoDaddy selected IIS on its technical merits over Apache. And I'm the Queen of England.

Why yes, Microsoft fanboi, since you're obviously "informationally challenged", how about reading:
Microsoft Corp. today announced...
or here
or This month's survey brings one of the largest one-month swings in the history of the web server market, as Microsoft gains 4.7 percent share while Apache loses 5.9 percent. The shift is driven by changes at domain registrar Go Daddy,
or The largest movement of sites from Apache to IIS was once again at Go Daddy, with over 1.6M hostnames moving from Apache to IIS this month.

Or just try Googling "Microsoft GoDaddy", you'll get the idea.

Considering that the Netcraft uptime list shows a change of hosting/ip, chances are they forgot to renew and the domain was immediately squatted.

A quick scan shows that they are running Solaris 8 guess they are living in the past :)

It is correct, according to the Netcraft survey. In fact MS has gone up recently - this is attributed to massive amounts of domain names added to Windows Live blogs.

Have you taken a look at the market share for web server software at the moment? Apache currently has 60% of the market while Microsoft only has around 30%. While this is slightly different than the whole GNU/Linux vs. Windows popularity debate, it makes the same point. Also, Linux is fundamentally more secure than Windows for a couple different reasons. One is the history. Windows was originally a single user operating system that was designed with very little to no security in mind. GNU/Linux was based off of Unix and was a true multi-user, multi-tasking operating system from the start. Microsoft had to tack "multi-user" capabilities and security on their single-user operating systems. They have been doing this since the NT days and the problems STILL have not been worked out.

Any operating system is only as secure as its admin allows it to be. Any idiot admin can make any OS insecure. But fundamentally, GNU/Linux had security and the whole idea of multi-user from the start, while Microsoft later tacked it onto their existing products. This is just one of many reasons why the whole "security-by-obfuscation" is for the most part invalid.

(Web server surveys - http://news.netcraft.com/archives/web_server_surve y.html)

But soon Google and Yahoo, who provide most of the ads on parked sites, found that click-throughs from parked pages often didn't lead to sales, and many advertisers didn't want to buy AdWords and then have them show up on these sites with no content. Some of the largest parking services began switching to a pay-per-action business model, instead of pay-per-click.

Meanwhile, venture capital firms started pumping money into the sector, buying up registrars (like Demand Media's deals for eNom and BulkRegister) and large domain portfolios. Vector Capital bought Register.com, and Perot has a piece of Internet REIT. The VCs and Wall Street investors prefer to monetize their domains with developed web sites instead of parked pages. Many of them are using free user generated content to populate these sites with articles and forums linked to their target keywords. Google likes these sites better, and they appear to get more relevant traffic and click-throughs.

But there will always be plenty of smaller operators with thousands of single-page ad-filled parked domains. The low price of domains means there's virtually no barrier for entry into this business, and that's not likely to change anytime soon.

The company now uses Linux in the data center of its current Web presence but had some trepidation with the idea of expanding it a much larger operation. "To think about using it pervasively, we were very concerned about it," she said. The larger Web operation would have "significantly higher legal exposure."

In a great many cases FOSS applications are better than the equivalent commercial sotware.

First case in point is Apache. If you want a monkey to be able to creat a web site, go with IIS. If you want to create something truly resilient to attack, that scales well enough to cope with with very high loads without filling entire datacentre with your server farm you use Apache. Take a look at the following link: http://news.netcraft.com/archives/web_server_surve y.html

I know MS has made some recent inroads in the case of active sites but the market share still shows Apache in the lead. Now some people may argue that since .NET Windows 2003 is better than apache. Maybe they are right, but apache still has more sites so maybe it is because things take time to change.

Once upon a time there was an expression in the IT industry the nobody was ever fired for buying IBM. This referred to the fact that even at the time (early 90's) there were alot of people making clones of IBM machines alot cheaper than IBM, businesses would still spend the extra for the IBM badge. It took a long time after the clones became cheaper for some IT managers to trust them and the price difference had to be rather large (enough for the manager to a large bonus if the switch worked out, other wise it wasn't worth the personal risk of embarassment).

I believe that recently the useability of FOSS products like Open Office has got to the state where departments could switch, especially in small business that currently get away with using one legal copy of office for the entire company. If Microsoft forced these companies to switch to Open Office or cough up for legal non-upgrade versions of office for every PC more people would end up using Open Office, especially in the case of staff who only use Office for reading other peoples Word documents once in a blue moon. If this many people became used to using non-MS office software it would help alleviate the perceived skills gap which prevents alot of companies from adopting it at present.

And this is even more apparent for home users (particularly students). Why do you think MS offers software to students so cheap? For the same reason the banks will throw money at students in the form of overdraughts, they are professionals of tomorrow so get them tied to you as early as possible. This is even more applicable to software where the skills involved often take years to accumulate.

It will take years for FOSS products to overtake commercial software even if they are better products due to the reluctance of most (sensible) business managers to take a giant leap into the unknown.

(Bit of a rambling reply but hopefully you get my point)

Does anybody know which bank the submitter is talking about?

Netcraft confirms it.

All SSL really knows is what public key it's communicating with.

It will download a data structure in which the public key and some character strings are authenticated with yet another party's private key.

The rest is hope and trust that the signer does due diligence and hasn't been compromised.

If the "certificate" does prove who you're communicating with, SSL doesn't tell you that until you click on the padlock and look up certificate properties. Until then, all it's told you is that the domain name matches. If West African Phish and Game buys a certificate for "paypal-reverify.com", SSL will not warn you about them. This isn't hypothetical.

Netcraft confirms it :-) More than 450 Phishing Attacks Used SSL in 2005

did Netcraft confirm this?

Windows 2000 according to Netcraft ;)

http://uptime.netcraft.com/up/graph?site=www.ahmad inejad.ir

Rubbish. IIS is massive on intranets and even on the internet. Maybe it isn't as big as Apache, but it certainly comes a close second (30+% of server market).

BTW, I loath Microsoft products. I'm active in trying to get my employer away from deploying 4000+ desktops with Win2k, and trying to migrate some small businesses I do consultancy work for away from Microsoft onto Linux / BSD based products. I've had enough of supporting inconsistent rubbish.

neither TCP nor IP have time information in the headers

It seems to have escaped many of Slashdot's readers that ComScore isn't the authority on Internet traffic. According to NetCraft, Google is the #1 most visited website. These "most visited site" statistics should be taken with a grain of salt. After all, 89.3% of statistics are made up on the spot anyway ;)

It seems to have escaped many of Slashdot's readers that ComScore isn't the authority on Internet traffic. According to NetCraft, Google is the #1 most visited website. These "most visited site" statistics should be taken with a grain of salt. After all, 89.3% of statistics are made up on the spot anyway ;)

Netcraft.com rankings: http://toolbar.netcraft.com/stats/topsites?s=2629A F9E8226E9D5E21D0E6F8945#89"

1 http://www.google.com/ November 1998 Google Inc. Go US
2 http://www.yahoo.com/ August 1995 Inktomi Corporation Go US
3 http://www.google.de/ April 1999 Google Inc. Go US
4 https://www.google.com/ May 2002 Google Inc. Go US
5 http://www.google.co.uk/ April 1999 Google Inc. Go US
6 http://www.google.fr/ November 2001 Google Inc. Go US
7 http://www.microsoft.com/ August 1995 Microsoft Corp Go US
8 http://mail.google.com/ June 2004 Google Inc. Go US
9 http://news.bbc.co.uk/ December 1997 BBC News Online Go UK
10 http://www.bbc.co.uk/ August 1995 BBC Internet Services, Docklands. Go UK

Slashdot is some 89 today.
Looks like the rank depends on who does the counting.

"...OS X goes largely unexploited, and for good reasons - too much work with little gain."

Windows is the only OS I know of that will get an exploit if you leave it alone long enough. Only the "air gap firewall" can help it.

Security comparisons between OS X and Windows has less to do with smarter users (trust me on that one) and more to do with the origin of the OS. Windows is a shell on top of DOS which was not a network aware OS (why am I telling you this?). Everything built on top of 'WinDOS' in the Redmond vacuum chamber didn't even consider the dangers of an unauthenticated scripting host with free access to anything and everything on the machine. That's a primary issue with Windows. Outlook just has to check for new email to obey the embedded commands. The Internet was a very rude awakening for Microsoft.

With only 30% (or so) of the servers on the Internet being Windows http://news.netcraft.com/archives/web_server_surve y.html, why are they the clear majority of compromised servers? http://attrition.org/errata/statistics/stats-26.ht ml. I've seen numbers in the 95% range and I'm still seeing Code Red and Nimda attacks on my logs. That dims the safety through obscurity excuse.

The real motherlode is all the Windows machines connected straight to DSL and cable modems. That's the electronic equivalent of standing on a street corner in Key West bent over with your shorts down to your ankles. It's also the source of almost 100% of the spam we get.

Mac OS X was built upon a flavor of Unix (there - I said it) which was network aware from the start with 100,000 sets of eyeballs on the code.

That said, I heartily agree that "click here to see the dancing monkeys" exploits are the fault of naive users.

There's no way they get the name. The site is being used to sell PC war simulation games, a legitimate business. Netcraft is reporting that he's had the same IP address for four years, long before MGM started filming. There's no cybersquatting here.

Netcraft does confirm "top servers'" back end make.
Apache wins by a long shot, but that could be served on Windows too.

From the Netcraft's GNU/Linux distribution share stats:

RH - 34%,
Debian - 25%
Suse - 11%

--
In any case, our company runs Postgresql so we are not likely to loose any sleep over this decision.

Yeah, the server that you mention may be 2003, but all of the other servers on netcraft show linux/apache. http://toolbar.netcraft.com/site_report?url=http:/ /www.ucla.edu

http://uptime.netcraft.com/up/graph?site=www.ident ityalert.ucla.edu
Windows Server 2003 Microsoft-IIS/6.0 12-Dec-2006 164.67.134.79 University of California, Los Angeles

99 % of all CC thefts on the web involve Windows and IIS, and yet windows they occupy less than 1/3 of the http AND https space. Amazing that so many look over this simple stat. It seems that only the cracker and Al Qaeda are the only ones taking notice of that.

Actually, they do...to a point:

http://news.netcraft.com/archives/2003/08/17/wwwmi crosoftcom_runs_linux_up_to_a_point_.html
(old article and I wasn't able to duplicate their test so it may have changed)

Once again, all one has to do is acknowledge the Apache vs IIS marketshare numbers to realize that 'security through obscurity' isn't the entire picture.

http://news.netcraft.com/archives/web_server_surve y.html

Well, if you are not happy with Novell, you can always migrate to Debian, the second largest GNU/Linux distribution.

From the Netcraft's GNU/Linux distribution share stats:
RH - 34%,
Debian - 25%
Suse - 11 %