Articles about netcraft

Phisherfolk dangle bait at dot-fish domain

Netcraft 'net watchers have cast a fly over the lake of generic TLDs, and turned up the first .fish domain dedicated to – wait for it – phishing. The net-trawling service has previously landed sites on both the .fish and .fishing gTLDs, but parser.fish has earned the distinction of being the first baited with in-plaice …
A beaver chewing down a tree

New 'Beaver' web server has exactly ONE user outside China

Netcraft's monthly survey of web-facing computers has turned up an oddity: a new web server called “Beaver” that's used by exactly one web site outside China. “Just over a million sites now exhibit the Beaver Server header, and these make use of more than 110,000 unique domain names – mostly under the .cn top-level domain,” …
Simon Sharwood, 29 May 2017
OpenResty Logo

WTF is OpenResty? The world's fifth-most-used Web server, that's what!

Netcraft's September survey of the world's most prevalent web servers turned up something interesting: a dip for all major servers but a sudden spike for OpenResty. Open what? OpenResty is a superset of the nginx web server, but bundled with LuaJIT, a just-in-time compiler for the Lua scripting language. We've not covered Lua …
Simon Sharwood, 20 Sep 2016

Only 0.1% of you are doing web server security right

Venerable net-scan outfit Netcraft has issued what cliché would describe as “a stinging rebuke” to sysadmins the world over, for ignoring HTTP Public Key Pinning (HPKP). Pinning is designed to defend users against impersonation attacks, in which an attacker tricks a certificate authority to issue a fraudulent certificate for a …
zombie_648

American military sites secured with dud SHA-1 cipher

America, your military fails at security. That's the message from Netcraft security expert Paul Mutton, who has found a bunch of Department of Defence (DoD) agencies issuing SHA-1 certificates. SHA-1 is almost as old as the art of war: created in 1995, it was secure then, but now, you only need US$75,000 to buy enough cloud …
Fake certificate

Faked NatWest, Halifax bank sites score REAL security certs

UK Banks Halifax and NatWest are among organisations targeted by fake sites that have won SSL certificates from certification authorities (CAs). Netcraft says certifiers who should know better – such as Symantec, Comodo, CloudFlare's certification partner GlobalSign and GoDaddy – have handed out certs to sites like …
Simon Sharwood, 13 Oct 2015
Parking meter FAIL from Ryan Stele's Flickr account  https://www.flickr.com/photos/tweek/139509551/in/photolist-dk2k6-8VcmSf-5w27pU-7RdimR-7RdiiK-7RdifK-7Rgz8f-7Rdiai-czUVBh-9Ls61i-5cY5jG-9bGK2Y-6VH3Xz-5YVGNT-abaRJ9-6PjTC5-6opqMB-jitAoe-5Yvee7-65tNZD-5xf3hB-a9Zegh-845DZg-ocfXQT-bfZB5z-aWWvax-bVe3vu-6yra6f-6yra4A-8nudtt-6WhDiL-6qNQyT-7YYReC-6yra5N-6yra3w-6yra2Y-6yn2HX-a6MPYs-6yn2Qx-6yn2Pv-6yra49-6yra2q-6yn2Hx-6yra57-6qT1yb-55rYVK-6yra75-6yr9ZQ-6odx71-68EVsF

Google broke own security with April fool gag

On April 1st Google had a bit of fun by using the com.google domain to display all content backwards, but the folks at Netcraft think that jape backfired by introducing security vulnerabilities to the search engine. Netcraft's security folks say the joke “... inadvertently undermined an important security feature on Google's …
Simon Sharwood, 19 Apr 2015

Chinese 'linkfarms' propel Microsoft to web server crown

Netcraft has updated its analysis of web server market share and found that Microsoft is now the world's dominant provider of such software, albeit with plenty of caveats. The traffic-watching firm says Apache is the leader in terms of active sites, with 91 million compared to Microsoft's 21 million. But Microsoft is all over …

Netcraft adds Heartbleed sniffing to site-scanning browser tool

Internet stats clearinghouse Netcraft has released a new tool aimed at letting consumers know when the sites they visit might have been compromised by the Heartbleed encryption bug. There are lots of tools available that can scan servers to determine whether they're affected by the Heartbleed vulnerability right now, albeit of …
Neil McAllister, 18 Apr 2014
Mobile phone stolen by pickpocket

Thought mobe banking apps were safe from nasties? THINK AGAIN

Fake SSL certificates in the wild for Facebook, Google and Apple's iTunes store create a grave risk of fraud for people who bank online using their smartphones. Analysis outfit Netcraft said it has found "dozens” of fake SSL certificates impersonating banks, ecommerce sites, ISPs and social networks. The counterfeit …
John Leyden, 14 Feb 2014
The Register breaking news

Wikileaks Iraq War Logs vanish from Amazon US

WikiLeaks' "Iraq War Logs" site is no longer hosted on US-based servers operated by Amazon.com, according to internet records. Warlogs.wikileaks.org is now mirrored only on Ireland-based Amazon servers and France-based servers from French service provider Octopuce, records collected by UK-based internet research outfit …
Cade Metz, 27 Oct 2010
globalisation

Weak sigs found on one in seven SSL sites

One in seven digital certificates that stamp the authenticity of secure web sites use a vulnerable signature algorithm, according to a new survey. The shortcoming underlines the need to drop the insecure signing mechanism before its shortcomings are exploited in more convincing phishing attacks. Netcraft reports that 14 per …
John Leyden, 7 Jan 2009

Ebuyer.com runs on a Commodore 64

Online retailing can be a rough sport. The competition is rabid, customer loyalty is fickle, and IT expenses can go through the roof. That's why The Register can appreciate an e-tailer with a unique business model. A hawk-eyed El Reg reader points out that UK online retailer Ebuyer.com appears to be cutting costs by running …
Austin Modine, 7 Jul 2007

Create a news alert about netcraft, or find more stories about netcraft.

Biting the hand that feeds IT © 1998–2017