Domain: securityspace.com
Stories and comments across the archive that link to securityspace.com.
Comments · 128
-
Re:ssh ?
Well, "borgboy", if Windows is so great on servers why does its market share go down the drain?
-
How?
How do you even detect NAT?
There's this which describes a way to find webservers behind NAT, but what about the general case? -
Re:Other news
It's curious how Security Space has Apache striding ahead for the last 4 months, while Netcraft does the opposite.
It appears that Security Space doesn't fall for the IE is IIS spoof mentioned elsewhere, or else one or the other web site has an agenda. -
Re:Methodologies are important
See here for server statistics on the top 1000 linked sites.
Executive summary:
Apache 41%
Unknown 18%
IIS 13%
Netscape Enterprise 12% -
Assessment leaves something to be desired
The analysis is a bit skewed in several well-known ways.
- Hosts are being counted here, and the manner in which they are discovered (zone transfers) means that a LOT of garbage (parked sites, unused sites, etc.) is being picked up. Having a dead site disappear doesn't mean an awful lot.
- Claiming that 80,000 IIS servers disappeared without having a context as to what the normal month-to-month change is means nothing. How many servers changed hands the previous month? The month before that? One needs context, which is missing here. An example of actual month-to-month analysis published regularly can be found at SecuritySpace's monthly theft & upgrade reports. Here you can see the changeover for actual live sites.
- Claiming sites haven't yet reacted to Gartner Group's recommendations is a bit bogus as well. I don't know any shop that will within a one-week time frame make this kind of fundamental shift, port applications/pages, etc. It would be much more instructive to see how the MS market share pans out by, say, the end of this upcoming January.
- Claiming there is significant growth in Germany: this is because of the receipt of a new zone transfer file, not because of actual growth. In fact, SecuritySpace's numbers show actual market share for Germany shrinking (from 7.95% in August to 7.76% in September).
Statistics are useful, but one must take care to understand exactly what they are saying, and to also understand the impact of the data collection mechanisms in place.
-
Re:It seems like people are already doing it
-
Code Red Self Test
For those of you that are wondering if you're vulnerable, an on-line tester will tell you if you are susceptible to any of the code red worms, and currently tells you if you've already been infected with Code Red II.
-
Code Red Self Test
While out and about looking for the latest Code Red statistics, I found this link to a Code Red Self Test which is supposed to tell you if you are vulnerable, and if you have been infected.
I don't know if it works, I don't have a Win boxen to test it on... -
Re:GIF formatted images
See this for some stats on PNG usage. It looks very low, but one should also keep in mind the shape of the technology adoption curve, it has a long run-in time, but once it hits the upward slope it climbs quickly.
Also, GIF has been around a lot longer than PNG - wait until PNG is as old as GIF is now, I think you'll see a lot less one-sided picture then.
Keep in mind that viewers for most platforms have only really become widely available in the past year or two. So in the next year or two we'll start to see an upswing in PNG usage. GIF and JPEG both have their place (JPEG files are still smaller for, uh, "natural" images where a certain amount of loss is acceptable to most people) and will no doubt be around a looong time, but I think in three or four years those securityspace figures will probably be looking more like 40/40/20 for GIF/JPG/PNG. If you look at the general trend there over the past eight months, PNG has been slowly climbing, while GIF has been slowly dropping. I don't see PNG replacing JPEG though as the dominant format for, uh, "natural" photographic type images anytime in the next five years - not until bandwidth and disk space really become "non-issues", at which time people might start looking for a bit more quality. I doubt it though, people have shown time and again that they don't give a crap for quality (just look at the popularity of Windows, Boyzone, TV sitcoms, McDonald's etc.). Depressing, but that's the way it is.
-
Re:There's been stacks of Unix worms this year
And there will be more in the future as Linux becomes more mainstream
Apache already runs more than half (another survey here) the web servers on the Internet, yet the major worms are still the IIS ones. Roughly 25 to 35 percent of web servers are running Linux, about the same as IIS. So by your reasoning, Linux and/or Apache should already currently be seeing as many Code Red style worms. Yet the IIS worms manage to infect thousands of times more machines.
Even if Linux was used on 80% of desktop systems, we still wouldn't see as many Linux worms/viruses as we do on Windows. Why? Simple, there are just so many more layers of protection built into the OS that make it harder for viruses to spread. We'd see a lot more than we do now, sure, but it will never get anywhere near the levels it has reached on Windows, where literally hundreds of new viruses are created every single day, and viruses with very widespread infections are roughly a weekly occurrence now.
-
Cookies != Web Bugs
I wish people would realize that web bugs and cookies ARE NOT THE SAME THING. A bug is a spying device. It does not rely on cookies. It does not rely on images (although they are commonly used). It does not rely on 1x1 pixel images (which in most cases are NOT used - hell, every banner ad from every banner ad company is a web bug!). JavaScript code, images, frames, Shockwave can all be bugs. Why? Because one can create a page (say on server X) with references to ANOTHER server (say Y) containing the objects. So when a person visits the page on server X, server Y gets to know about it.
Cookies definitely can exacerbate the problem by providing additional information. But bugs are not reliant on cookies. You can block all cookies and block all images and you will not block all web bugs. The reason advertising companies like to use cookies is that you can track additional information easily, because the browser obligingly stores the data and spits it back on demand, even after you shut the browser down and start it back up, often hours, days or weeks later.
For reference, check the Web Bug Report quote in the CNET article and you'll notice that the report shows the types of bugs (imgs, iframes, etc.) that are present. A very large # of them are not images...
-
How can you blame MS for this?
A recently released web bug report shows that Microsoft (via Link Exchange) is bugging more web sites than any other organization.
From the data presented, it seems LinkExchange is the most common "web bugging" service. But that's what it is, a service. The companies paying for LinkExchange ads are the ones driving the "bugging". Without companies wanting to advertise and do business cheaply on the web there would be no LinkExchange/bCentral. Just because LinkExchange seems to be the most popular of web ad services doesn't mean it's some evil MS plot to bug the world. It just seems to be doing good business. If you ran an ad service, wouldn't you dream of the same? -
Re:Almost impossible to do it right
While true that automated checks don't constitute a complete pen test, complete pen tests are expensive, while automated checks are quite cost effective. I'd much rather see someone run at least a good automated audit of their site than no audit at all.
What's sad: Every day we (www.securityspace.com) have examples of customers that KNOW they have high risk security vulnerabilities (holes that would get their box rooted according to Nessus), and don't even bother to pay $50 for an automated audit. It's this type of "the net is so big, and I really won't be hit by a break-in" mentality that will
- move the major banks/credit card companies to introduce security requirements of their on-line merchants (the way I believe Visa will be forcing firewalls as a requirement)
- force government legislation on security policies and practices (I believe Spain is already moving there on this)
I'd almost say site operators are getting what they deserve when they are broken into, except for the fact that it is the visitor of the site these days that ends up paying for it...
-
Re:Stats
The preview thing fux0rz things up! Fix it plz! Here is the prettier post:
At Security Space you'll find all sorts of interesting stats, such as what kind of servers people use, what modules apache servers use, what technologies people make use of and what people author their stuff in.
It's a really good site, which I use a lot to point out how many sites run open source products. Strangely I cannot find Tomcat there... Odd? -
Stats
At Security Space you'll find all sorts of interesting stats, such as what kind of servers people use, what modules Apache servers use, what technologies people make use of and what people author their stuff in. It's a really good site, which I use a lot to point out how many sites run open source products. Strangely I cannot find Tomcat there... Odd?
Proxies protect?
I have tried the demo by Jamie (go to Hollywood, etc.) and then a window opens with many frames. All contain "ERROR 205 -- DNS name lookup failure. Please contact your system administrator." from the proxy, except for http://www.securityspace.com%2fexploit%2fexploit_1e.html%3fa=.hollywood.com/ which has a Hollywood.com window saying "That user doesn't exist".
When I tried the box and button on Security Space, I get "www.slashdot.org's cookie is:".
I run IE 4.0 in NT and have Junkbuster set to allow cookies only to sites I trust.
I also have a company proxy to access the web.