Ike.ninja

(Jun 5) Several security issues were fixed in libxxf86dga.

In the June 2013 survey we received responses from 672,985,183 sites, 148k more than last month.

Both Microsoft and Google grew slightly this month, gaining 0.5 percentage points of market share. Microsoft’s web server, IIS, now serves 17.22% of the world’s websites, down from a historic high of 37% which it reached in October 2007. Microsoft IIS’s market share amongst secure websites (HTTPS) is significantly higher: it serves 39% of the secure websites found by Netcraft and is in 2nd place behind Apache. Apache’s lead over Microsoft in the secure website market is only slight: it is ahead by just two percentage points and doesn’t hold an absolute majority as it does for non-secure websites (HTTP).

Despite its market share dipping slightly, Apache is still significantly ahead of its position just two months ago due to Go Daddy’s switch last month to Apache Traffic Server. Within the Million Busiest Sites, Apache bucked its recent downward trend this month: 7,300 more websites than last month are using Apache, including DigiCert‘s website which switched from nginx to Apache 2.4.5 (2.4.4 is the latest stable release).

nginx’s growth within the Million Busiest Sites remains strong, 5,400 more busy websites now use the web server since last month’s survey including The Verge which switched from Apache. Across all web sites, however, nginx lost almost 1% of market share and 6.4M websites caused by a large network of websites at namecheap.com failing to respond during the survey.

In early May 2013, nginx released a patch for a high severity security vulnerability which could allow an attacker to execute arbitrary code. Several attacks exploiting the vulnerability in the chunked transfer size calculation have been demonstrated including a proof of concept and an automated metasploit module. Almost 2M websites — or around 2% of all websites using nginx — presented a server banner corresponding to a vulnerable version (1.3.9+ and 1.4.0). The vast majority of nginx websites do not report the version in the server banner; however, the two most popular versions reported are 1.2.1 (released in June 2012) and 1.0.15 (released in April 2012) which do not have this vulnerability but may have others if left unpatched.

nginx is the most commonly used web server at Amazon: it is used on 41% of the 12M websites hosted using EC2 or S3. Last month Netcraft reported Amazon had 158k web-facing computers and has been the largest hosting provider by the number of web-facing computers since September 2012. After nginx, Apache is the next most common web server, 24.7% of websites use it, followed by Microsoft with 14%. Only 1% presented the AmazonS3 server banner, which can be used to host entire static websites in addition to simply static files.

For more information see Active Sites

(Jun 3) The python client library for Keystone did not properly verify expired PKItokens.