(Dec 31) An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. [More…]
Comment
(Jan 1) Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004. [More…]
In the January 2014 survey we received responses from 861,379,152 sites, an increase of 355,935 since last month.
2013 has been a year of significant change: the web has grown by more than one third, the importance of SSL has been highlighted by a series of spying revelations, Microsoft now power just below 30% of all web sites, and Apache has lost almost 14 percentage points of market share. Additionally, nginx, the relative newcomer, saw its market share peak at 16%, just shy of Microsoft’s position at the beginning of last year.
The total number of web sites discovered has increased dramatically this year — from 630 million web sites in January 2013 to 861 million in January 2014 (+37%) — though the growth does not compare to the doubling in size during 2011.
With the revelations from the NSA documents leaked by Edward Snowden providing months of mainstream publicity, 2013 has been a bumper year for the SSL industry. Websites are increasingly being served over HTTPS: 48% more sites within the million busiest are using SSL than in January 2013. In total, there are over half a million more SSL certificates (+22%) in use on the web since January 2013. The estimated total revenue of the industry has increased even more rapidly, by 28% from September 2012 to September 2013, reflecting the increased uptake of more expensive certificates including Extended Validation, multi-domain, and wildcard certificates.
Apache remains the most commonly used web server on the internet, 10 million more web sites are using it than this time last year; however, this growth has not been sufficient to maintain its share of a market which grew by more than 200 million web sites. As a result, Apache’s market share has fallen by 14 percentage points since January and now stands at 42%.
In stark contrast to Apache, Microsoft had a strong year — almost 150 million more web sites use a Microsoft web server than in January 2013. Microsoft’s share is close to 30% of the entire market and a combination of its strong growth and the corresponding lack of growth of sites using Apache has resulted in Apache’s lead shrinking by more than 26 percentage points to just 12. Microsoft’s own cloud platform, Azure, has grown steadily throughout 2013 — there are 39% more web-facing computers hosted by Microsoft in January 2014 than the same time last year — and despite offering alternatives, Microsoft’s IIS is by far the most common web server on Azure.
Open-source web server nginx has continued to gain acceptance, especially amongst the busiest web sites. Nginx is now used on 14% of all web sites found, up 2 percentage points since January 2013, but has fallen slightly from the peak of 16% it achieved in October. In May 2013, nginx overtook Microsoft to become the second most common web server within the top million busiest sites and now powers almost 16% of them.
| Developer | December 2013 | Percent | January 2014 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 355,244,900 | 41.26% | 358,669,012 | 41.64% | 0.38 |
| Microsoft | 241,777,723 | 28.08% | 253,438,493 | 29.42% | 1.34 |
| nginx | 126,485,204 | 14.69% | 124,052,996 | 14.40% | -0.29 |
| 38,263,525 | 4.44% | 21,280,639 | 2.47% | -1.97 |
| Developer | December 2013 | Percent | January 2014 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 99,367,323 | 53.96% | 98,129,017 | 54.50% | 0.54 |
| nginx | 24,534,598 | 13.32% | 21,548,550 | 11.97% | -1.36 |
| Microsoft | 20,731,750 | 11.26% | 20,901,626 | 11.61% | 0.35 |
| 15,508,986 | 8.42% | 15,386,518 | 8.54% | 0.12 |
For more information see Active Sites
| Developer | December 2013 | Percent | January 2014 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 557,546 | 55.75% | 554,533 | 55.45% | -0.30 |
| nginx | 155,291 | 15.53% | 159,079 | 15.91% | 0.38 |
| Microsoft | 127,182 | 12.72% | 126,568 | 12.66% | -0.06 |
| 31,317 | 3.13% | 30,370 | 3.04% | -0.09 |
(Jan 1) Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this updates disables the insecure Dual_EC_DRBG algorithm (which was unused anyway, see [More…]
(Dec 28) Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: vulnerabilities due to optimistic cross-site request forgery protection, insecure pseudo random number generation, code execution and incorrect security token validation. [More…]