Gawkwire: Web Hosting and Internet News Resource

WiredTree Offers LiteSpeed Web Server on All Hosting Plans

2009-04-20T14:00:00-04:00

CHICAGO, IL (PressAdvance) In response to strong customer demand, LiteSpeed WebServer is now available for a nominal monthly fee, discounted deeply from LiteSpeed’s direct pricing. The technology has been available previously for WiredTree customers upon specific request.

LiteSpeed WebServer is designed to replace Apache, the default web server technology in most Linux hosting environments. Utilizing the same configuration files and httpd.conf, the two can be substituted in a matter of minutes—all without causing scripts or applications to break. LiteSpeed WebServer is fully compatible with the cPanel/WHM hosting environment.

Compared to Apache, LiteSpeed WebServer noticeably reduces demand on vital system resources, including CPU and RAM. These performance enhancements are especially significant in virtualized hosting environments.

“WiredTree offers an optimal hosting environment for LiteSpeed technology. By better utilizing system resources, LiteSpeed WebServer improves overall server performance and creates a higher quality hosting environment. We are delighted to work with such a reputable and forward-looking hosting partner to deploy our solution,” said George Wang, LiteSpeed Technologies president.

“In many cases, the performance improvements from LiteSpeed WebServer make it a more cost effective option than upgrading server hardware,” said Zac Cogswell, WiredTree president. “Normal installations only take minutes, and the transition from Apache is essentially seamless.”

For more information about WiredTree, please visit http://www.wiredtree.com.

http://www.gawkwire.com/promotions/wiredtree_offers_litespeed_web_server_on_all_hosting_plans.html

Deluge of Browser Security Issues Drives Mass Migration

2009-04-01T18:00:00-04:00

(NetCraft) Financial institutions have noted that the Lynx browser is particularly suitable for online banking, as it supports the latest cryptographic ciphers used in ecommerce, and is immune to attacks via JavaScript, Flash and other multimedia content. Lynx's algorithms for dealing with such threats are so comprehensive, it is just as safe as if the multimedia content was not there. ...Go to Source http://www.gawkwire.com/technology/deluge_of_browser_security_issues_drives_mass_migration.html

Ongoing Phishing Attack Exposes Yahoo Accounts

2008-10-27T10:59:00-04:00

The Netcraft toolbar community has detected a vulnerability on a Yahoo website, which is currently being used to steal authentication cookies from Yahoo users — transmitting them to a website under the control of a remote attacker. With these stolen details, the attacker can gain access to his victims' Yahoo accounts, such as Yahoo Mail.
The attack exploits a cross-site scripting vulnerability on Yahoo's HotJobs site at hotjobs.yahoo.com, which currently allows the attacker to inject obfuscated JavaScript into the affected page. The script steals the authentication cookies that are sent for the yahoo.com domain and passes them to a different website in the United States, where the attacker is harvesting stolen authentication details.
When websites use cookies to handle authenticated sessions, it is extremely important to protect the cookie values and ensure they are not seen by other parties. Cross-site scripting vulnerabilities often allow these values to be accessed by an attacker and transmitted to a website under their control, which then allows the attacker to use the same cookie values to hijack their victim's session without needing to log in. This type of attack can be mitigated to some extent by using HttpOnly cookies to prevent scripts gaining access to the cookies — a feature that is now supported by most modern browsers.
Earlier this year, Netcraft blocked a similar flaw on another Yahoo website. The previous attack targeted a cross-site scripting vulnerability on Yahoo's ychat.help.yahoo.com site, which was served securely using a valid SSL certificate, adding further credibility to the attack. The attacker used the vulnerability to inject malign JavaScript into one of the site's webpages. Unlike the current attack, the injected code was sourced from a server in Spain, but also resulted in the victim's cookies being stolen and transmitted to a PHP script on the same server.

In both cases, Netcraft found that the Yahoo cookies stolen by the attacker would have allowed him to hijack his victims' browser sessions, letting him gain access to all of their Yahoo Mail emails and any other account which uses cookies for the yahoo.com domain.
Simply visiting the malign URLs on yahoo.com can be enough for a victim to fall prey to the attacker, letting him steal the necessary session cookies to gain access to the victim's email — the victim does not even have to type in their username and password for the attacker to do this. Both attacks send the victim to a blank webpage, leaving them unlikely to realise that their own account has just been compromised.

The Netcraft Toolbar protects users against both of these attacks, warning that the malformed Yahoo URLs contain cross-site scripting elements, and that the URLs have been classified as known phishing sites.
Netcraft has informed Yahoo of the latest attack, although at the time of writing, the HotJobs vulnerability and the attacker's cookie harvesting script are both still present. http://www.gawkwire.com/technology/ongoing_phishing_attack_exposes_yahoo_accounts.html

Websites See 3.9 Million Increase for June

2008-06-22T16:40:00-04:00

In the June 2008 survey Netcraft www.netcraft.com received responses from 172,338,726 sites.

The total number of sites has increased by 3.9 million this month, with the largest gain being seen at ThePlanet.com, where 632,000 new sites maintain its position as the 6th largest hosting company in the world.

A large switch to the Bahamas was seen at Secure Hosting Limited, where 1.2 million sites were gained from Nameview Inc. The offshore hosting company offers web hosting and dedicated servers from its data centres located in the Bahamas and Jamaica, and even provides dual-homed hosting for a 100% uptime guarantee.

Most of the new sites at Secure Hosting Limited were using the Lighttpd web server both before and after the switch, so Lighttpd's market share remains fairly static this month. Microsoft's IIS web server grows by 2 million sites, boosting market share by 0.36%, but Apache remains in the lead with a total of 49.1%.

LiteSpeed loses more than 600 thousand sites during this survey, while nginx gains more than a million sites; more than doubling in numbers. The WordPress blogging system recently converted all of its load balancers to nginx, using the upstream hash module to serve 8-9 thousand requests per second. Netcraft's site report shows the main WordPress site switching from LiteSpeed to nginx in April. nginx is a web server and mail proxy server written by Igor Sysoev.

To view Detailed Stats, please visit http://news.netcraft.com/archives/2008/06/22/june_2008_web_server_survey.html http://www.gawkwire.com/web_hosting/netcraft_website_survey_june.html