From: mhp@netcraft.com (Mike Prettejohn)
To: lwn@lwn.net
Subject: March 2002 Netcraft Web Server Survey
Date: Mon, 1 Apr 2002 03:21:11 +0100 (BST)
The March 2002 Netcraft Web Server Survey is out;
http://www.netcraft.com/survey/
Top Developers

Developer   February 2002   Percent   March 2002   Percent   Change
Apache           22462777     58.43     20492088     53.76    -4.67
Microsoft        11198727     29.13     12968860     34.02     4.89
iPlanet           1123701      2.92       889857      2.33    -0.59
Zeus               837968      2.18       855103      2.24     0.06

Developer   February 2002   Percent   March 2002   Percent   Change
Apache           10147402     65.18      9522954     64.37    -0.81
Microsoft         4069193     26.14      3966743     26.81     0.67
iPlanet            283112      1.82       265826      1.80    -0.02
Zeus               177225      1.14       170023      1.15     0.01

Around the Net
Microsoft gains almost 2 million sites this month, primarily as a
result of [1]register.com and [2]Network Solutions migrating their
domain parking facilities to a Windows front end.
Network Solutions has been running part of its domain parking system
on Windows for some time, and has been moving progressively more of
its sites from a Solaris Netscape-Enterprise system at [3]Digex to a
Windows based system at [4]Interland. Several hundred thousand sites
seem to have moved to this [5]system this month, and the drop in
Netscape-Enterprise is largely a result of this. Ironically, many of
the sites were hacked a few days later, Newsbytes [6]reports.
register.com seems to be partway through a migration to Windows.
Presently, the bulk of the page content is still served from
[7]Linux, with a Windows platform serving framesets that reference
the Linux-based page content, as on this example [8]site.
Crypto Regulations Cast Long Shadow
Recently, the strength of SSL key lengths has been the subject of
heated [9]debate in security circles, after [10]Nicko van Someren
disclosed that he is able to break 512-bit keys in around six weeks,
using conventional office computers.
The [11]analysis focuses on the key length used for the server's
public key (the key which is used to prove the authenticity of the
server to web browsers). The longer the key, the harder it is for an
attacker to break the key - if this key is broken, it can compromise
both past and future secure browsing sessions, and allow the attacker
to impersonate the server. Most experts currently recommend a key
length of at least 1024 bits as secure, and some of the strongest
debate has concerned the perceived safety of these 1024-bit keys.
However, a more timely aspect of the work is that it highlights the
number of SSL servers currently in use on the internet, and their
geographical location.
Although US export restrictions on strong cryptography have been
relaxed in recent years, data collected as part of our [12]SSL Server
Survey shows that the US export legislation, and locally enacted
legislation restricting the use of cryptography in countries with
repressive or eccentric administrations, still casts a shadow over
the security of ecommerce, even years after the acts have been
repealed.
Internet-wide, around 18% of SSL servers use potentially vulnerable
key lengths. However, these tend to be concentrated in geographical
areas outside the United States and its close trading partners. In the
US, where over 60% of SSL sites are situated, and in Canada, only
around 15% of sites are using short keys. In most European countries
over 25% are still using short keys, and in France, which had laws
restricting the use of cryptography until relatively recently, over
40% of sites are using short keys.
US export regulations (described in detail by the [13]crypto law
survey) have had a discernible impact in slowing the use of strong
cryptography outside the States. One reason export-grade
cryptography remains quite common is that the relative weakness of the
server's choice of cryptography is not obvious to the end user, so
there is little pressure to make the change. Browser developers are
in a position to help change this, perhaps by displaying a graded
indication of key length rather than the present lock symbol, which is
displayed on all SSL sessions regardless of strength.
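
As an added illustration (not part of Netcraft's announcement or its survey tooling), the Python example below reads the modulus size from a DER-encoded RSA public key, grades it against the figures quoted above (512 bits breakable, 1024 bits the recommended minimum in 2002), and tallies the share of short keys per country. The function names, grade labels and sample records are constructed for the example.

```python
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def rsa_modulus_bits(key_der):
    """Modulus bits of a PKCS#1 RSAPublicKey or an X.509 SubjectPublicKeyInfo."""
    tag, pos, _ = read_tlv(key_der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, start, end = read_tlv(key_der, pos)
    if tag == 0x30:                        # SPKI: AlgorithmIdentifier, then BIT STRING
        tag, start, end = read_tlv(key_der, end)
        if tag != 0x03:
            raise ValueError("expected BIT STRING")
        return rsa_modulus_bits(key_der[start + 1:end])  # skip unused-bits octet
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(key_der[start:end], "big").bit_length()

def grade(bits):
    """Hypothetical labels using the article's 2002 figures (512 and 1024 bits)."""
    return "breakable" if bits <= 512 else "short" if bits < 1024 else "recommended-2002"

def short_key_share(records):
    """Percent of keys under 1024 bits per country, from (country, key_der) pairs."""
    sizes = {}
    for country, key_der in records:
        sizes.setdefault(country, []).append(rsa_modulus_bits(key_der))
    return {c: round(100.0 * sum(b < 1024 for b in s) / len(s), 1) for c, s in sizes.items()}

def der_tlv(tag, body):                    # minimal DER encoder, used only for the samples
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_key(bits):
    """Constructed RSAPublicKey of the given size; the modulus is not a real key."""
    ints = [(1 << (bits - 1)) | 1, 65537]
    return der_tlv(0x30, b"".join(der_tlv(2, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in ints))

# Constructed (country, key) records, not survey data.
SAMPLE = [(c, sample_key(b)) for c, b in [("US", 1024), ("US", 2048), ("FR", 512), ("FR", 1024)]]
```

Keys exported with `openssl rsa -pubout -outform DER` arrive as SubjectPublicKeyInfo, which `rsa_modulus_bits` unwraps before reading the modulus.
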
Solaris 9 to be released shortly
[14]news.com reports that Solaris 9 will ship in the next ninety days.
[15]playground.sun.com, usually a staging ground for new Sun operating
system releases, is already running a modified TCP/IP stack that we
think may be Solaris 9. Conversely [16]www.sun.com seems to have only
moved to Solaris 8 in the last month.
References
1. http://www.register.com/
2. http://www.netsol.com/
3. http://www.digex.com/
4. http://www.interland.com/
5. http://www.netcraft.com/whats?site=64.225.154.175
6. http://online.securityfocus.com/news/357
7. http://www.netcraft.com/whats?site=futuresite.register.com
8. http://www.auraweb.net/
9. http://slashdot.org/article.pl?sid=02/03/25/2125211&mode=thread
10. http://www.ncipher.com/about/mgmt_team.html
11. http://www.ncipher.com/about/news.php
12. http://www.netcraft.com/ssl/
13. http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
14. http://news.com.com/2100-1001-865257.html
15. http://www.netcraft.com/whats?site=playground.sun.com
16. http://www.netcraft.com/whats?site=www.sun.com
Internet Research from Netcraft.
Netcraft does commercial internet research projects. These include
custom cuts on the Web Server Survey data, hosting industry analysis,
corporate use of internet technology and bespoke projects. All of the data
is gathered through network exploration, not teleresearch.
sales@netcraft.com
Network Security Testing from Netcraft.
Netcraft provides automated network security testing of customer networks
and consultancy audits of ecommerce sites. Clients include IBM,
Hewlett Packard, Deloitte & Touche, Energis, Britannic Asset Management,
Guardian Royal Exchange, Lloyds of London, Laura Ashley, etc.
Details at http://www.netcraft.com/security/
Mike
--
Mike Prettejohn
mhp@netcraft.com Phone +44 1225 447500 Fax +44 1225 448600
Netcraft Rockfield House Granville Road Bath BA1 9BQ England