The Web is more vulnerable to attack now than at any time previously.
That's the stark conclusion of Netcraft's latest monthly survey of Web servers, which expresses concerns over the emergence of serious vulnerabilities in both Microsoft's IIS and Apache Web servers over the last month.
On June 11, Microsoft released a trio of advisories, the most serious of which referred to an HTR buffer overflow that could be used to remotely compromise machines running Microsoft-IIS.
Although Netcraft cannot explicitly test for the vulnerability without prior permission from the sites, around half of the Microsoft IIS sites on the internet have HTR enabled, making it likely that many will be vulnerable to attack.
Days later it was reported that many versions of the Apache Web server were vulnerable to a buffer overflow because of a flaw in the Web server's "Chunked Encoding" mechanism.
Netcraft's report says: "With over half of the Internet's web servers potentially vulnerable, conditions are ripe for an epidemic of attacks against both Microsoft-IIS and Apache based sites, and the first worm, targeting sites running Apache on FreeBSD, has been spotted this weekend."
News source: The Register
David Hamilton's Post:
"We have been working for some time now on a unified driver architecture base to allow us to better support our customers' needs on a more timely basis. The unified driver architecture drivers will be known as the Creative MDP (Multi-Driver Pack) and will eradicate future issues that occur between drivers and applications running on different OS's and will also support both Live! and Audigy series cards under the one driver. The key benefit of the MDP approach is that there is now only one driver and app codebase as opposed to the multiple codebases that existed previously and had to be maintained separately. This will free up development time from a majority of maintenance to a much fairer balance of more enhancement development.
As you can appreciate this meant starting from the ground up and building the drivers and apps all over again from scratch. This work has taken a great deal of time, but we have recently completed the stand-alone driver and apps that are now used on our new installation CDs, which some OEMs now have and our newer products will also use.
We are very aware of some outstanding issues with the Live! and Audigy based cards that have been highlighted by many users and we very much appreciate your patience while waiting for the fixes to these issues. We had a very tough choice to make. Did we work on a fix using the old codebases, but in doing so delay the release of the MDP which has so many other benefits, or build the fixes into the MDP and release the two together a little later? We decided the best approach was to forge ahead with the new architecture which will provide better long-term advantages.
The great news is that these issues are indeed resolved using the new MDP approach and all that remains to be done is release a web download. Unfortunately as in all things in life this is not a simple process. Due to the vast difference in code between the old system and the new and also between the Live! codebase and the Audigy there is a further great deal of work to be done. Why? Well it's simple. The full install is over 300MB, clearly too big for anyone but T1 users to download in a reasonable timeframe, therefore we have to create update packs which are much smaller because they update only the parts that require changing. However due to the previous different codebases we have to create two different upgrade streams, one for Live! and one for Audigy. Once installed they will both then be 100% MDP compliant. We took the decision a little while ago to release the Live! update first. This work is now 99% complete and the download (only 50MB if you want all components, 25MB for the core components) will be available in the next week or so on our site. The work has already begun on the Audigy download and barring any major issues this should be ready around late August time.
In the meantime if you are a Live! user on a modem that doesn't want to download 50MB, or if you are an Audigy user that does not want to wait for the download, we have made the full CD available for order. The CD is free of charge, but there is a very small fee of €1.50 to cover postage. Once both downloads are available we will implement a small handling charge for the CD shipment, so if you want it - get it now.
One final point is that in the past when we have released large downloads our servers have become jammed and many users have complained about dropped downloads or simply just incredibly slow download speeds. Due to the size of this download we anticipated the same flurry of activity. We have therefore listened to our users and we are investigating many options, from the simple one of adding more bandwidth, to server bandwidth sharing between our WW servers (i.e. when the U.S. is asleep Europe can use some of their bandwidth to supplement ours and vice-versa) etc, etc. However one enhancement that has already been implemented and will be used going forwards will be our implementation of a new download queueing system that allows us to provide maximum service fairly across our user base. During busy periods you may have a few minutes wait before your download begins, but once it does you will be given guaranteed bandwidth at a minimum 56K modem speed. Should your connection be dropped, no problem. Log back in within 5 mins and you go straight back into the download without queueing. Our servers also support resume download apps, so if you have these you will even be able to continue the download from the point it left off.
We are very pleased with the performance and stability of our new driver set and we are sure you will be too. I hope you like the plans we have put in place and have a better understanding of the implementation issues encountered."
