(Jan 29) libvirt could be made to crash or run programs if it received speciallycrafted network traffic.
Comment
In the February 2013 survey we received responses from 630,795,511 sites.
Both Apache and Microsoft IIS were used on fewer sites this month, losing more than five million hostnames between them. Conversely, nginx grew its market share to 12.85%, serving 1.4 million more hostnames than last month. Amongst the million busiest sites, nginx is now almost neck-and-neck with Microsoft IIS — both have a market share of just under 13% and there are now fewer than 500 individual sites separating them.
Tengine, an nginx derivative maintained by Taobao, a large Chinese internet retailer, is now used on almost 4 million hostnames, including at the Internet Archive. Alibaba, the parent company of Taobao, has the second largest number of hostnames in China and accounts for more than 11% of the hostnames we find in China. Though China accounts for 19% of the world’s population, only 5.8% of the world’s websites are hosted in China. Microsoft leads the way in China, with 38% of Chinese-hosted sites using IIS; just 26% use Apache, while usage of nginx — 19% — is significantly above-average.
Taobao is a magnet for Phishing attacks — Netcraft is currently blocking almost six thousand URLs targeting Taobao customers. After Facebook, Taobao.com is one of the busiest websites powered by PHP and also makes heavy use of JavaScript, though not using one of the more popular frameworks, instead using an open-sourced in-house developed library, KISSY.
| Developer | January 2013 | Percent | February 2013 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 348,119,032 | 55.26% | 344,915,105 | 54.68% | -0.58 |
| Microsoft | 106,619,177 | 16.93% | 104,647,425 | 16.59% | -0.34 |
| nginx | 79,640,472 | 12.64% | 81,074,694 | 12.85% | 0.21 |
| 22,573,858 | 3.58% | 22,717,984 | 3.60% | 0.02 |
| Developer | January 2013 | Percent | February 2013 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 103,682,570 | 55.50% | 101,558,682 | 54.92% | -0.58 |
| nginx | 22,227,083 | 11.90% | 21,970,144 | 11.88% | -0.02 |
| Microsoft | 21,211,254 | 11.35% | 21,484,151 | 11.62% | 0.26 |
| 15,022,947 | 8.04% | 14,976,221 | 8.10% | 0.06 |
For more information see Active Sites
| Developer | January 2013 | Percent | February 2013 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 583,143 | 58.31% | 587,306 | 58.73% | 0.42 |
| Microsoft | 131,830 | 13.18% | 128,592 | 12.86% | -0.32 |
| nginx | 126,909 | 12.69% | 128,132 | 12.81% | 0.12 |
| 19,879 | 1.99% | 19,102 | 1.91% | -0.08 |
(Jan 30) Lawrence Pit discovered that Ruby on Rails, a web development framenwork, is vulnerable to a flaw in the parsing of JSON to YAML. Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML. [More…]
(Jan 30) Several security issues were fixed in Inkscape.