Click-stream Monitoring

Many improvements and new features for WatchMouse users (2005-01-31)

The last few months many improvements were made and new features were added to the WatchMouse service.
All new features are available for current and new subscribers at no extra charge.

The major improvements and features are listed below:

• New feature: A message log, which allows you to see the date, time, type and destination of all notifications that have been sent to you or your colleagues.
• Update of the logs access page: listing of WatchMouse members who have given you access to watch their log files and graphs, and the option to remove them from your list.
• Addition to the member details page: Financial contact details for invoicing can now be stated explicitly.
• Major improvement to the log file viewer: both scheduled and extra checks (in case of a triggered rule or an user initiated check) are shown in the log files as well as the second opinion checks.
• Improvement of the user interface of the rule settings: introduction of a simple mode and expert mode. The rule wizard is removed
• Much requested feature: the time-out for a rule can now be specified by the user in the rule settings page (expert mode).
• You can now have many inclick-stream monitoring rules, in addition to your click-stream monitoring rules. This is no longer limited by the maximum number of rules for your subscription.
• For journalists only a press update service has been added.
• Many, many small (and big) improvements "under the hood".

As always: if you are missing a feature, please let us know! We will most likely add it in the next release.

Monitoring API available (2006-05-21)

The initial release of the WatchMouse API is available as of today. With this add-on, our customers and resellers can easily create, modify, and delete rules from their own systems and click-stream monitorings using a REST/XML interface. The API also enables customers to download logs and retrieve uptime statistics of each monitoring rule.

Please contact us for more information and pricing of this interface.

New: scheduled maintenance, work schedules, performance indicators (2006-11-28)

1. Set-up maintenance periods per rule

   In the monitoring settings page, in "expert mode", you can now:

   • Start and duration of the maintenance period
   • Optionally set the repeat period (daily, weekly, monthly)

   During the maintenance period, WatchMouse will continue monitoring your servers but errors are not included in downtime calculation, and alerts are not sent. In the performance chart and logs, the checks while in maintenance are marked as such (see legend). The maintenance periods will be made visible in the graphs too.

2. User defined performance limits

   You can now define on a per-rule basis the limits for good, poor, and bad performance next to the existing ('timeout'). These limits can be entered in the monitoring settings page, in "expert mode". These limits are used in the performance chart.

3. Work schedule options in your contacts

   You can now specify which days, and which hours people in you contact list are on duty:

   • When not on duty, no alerts will be sent to this contact person
   • This is also useful for group alerts, with non-overlapping schedules
   • A contact can now also be set to 'inclick-stream monitoring' manually, just like the monitoring rules
   • Inclick-stream monitoring contacts do are not included when computing the maximum number of contacts you can still use

   You can set the work schedule in your contacts page, after selecting one of your existing contacts or entering a new contact.

Did you know? Hackers probe your servers for vulnerabilities between 5 and 170 times per week (2007-10-29)

Test your site now: Free 10 day / 10 scan trial

With a dramatic rise in malicious attacks, it is now critical to test your websites and servers for security vulnerabilities. Having the latest firewalls and Intrusion Detection Systems will not protect your organization if they (or the services behind it) are not kept up-to-date and configured correctly.

This means that verifying the security of your systems is not something you can do just once, nor should you check this just every now-and-then. New vulnerabilities are identified every day, exploits become available soon after it, and every change in your systems' configurations, however small, may open up new vulnerabilities. Having audited last week does not imply your systems are fine today!

The WatchMouse Periodic Vulnerability Scan is an affordable way to routinely check your company’s security exposure. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse’s identifies any security risks and provides you with the peace-of-mind that your web click-stream monitorings are being scrutinized from the perspective of a possible attacker.

Characteristics

WatchMouse offers Periodic Vulnerability Scanning with an outside - hacker's - view, with the following characteristics:

• Currently over 20,000 vulnerabilities are checked. Checks for new vulnerabilities are added on a daily basis.
• The frequency and the intensity of a scan can be tailored to your policies, and implemented immediately on our self-service website.
• Severe vulnerabilities can, depending on your preferences, initiate SMS (text) or paging alerts, giving you, or your webmasters, the opportunity to react quickly in case of new vulnerabilities.
• Extensive reporting is available for each scan, including pointers on how to fix vulnerabilities.
• WatchMouse's unique Vulnerability Scan Customer Console allows you to manage subsequent scans by inspecting differential reports and open issues, declaring vulnerabilities fixed, adding operator comments, etc.

Try now: Free 10 day trial!

A Boy Joins the Mouse! - Bringing click-stream monitoring monitoring to your site (2008-04-02)

Now you can test click-stream monitoringal behavior of web click-stream monitorings using WatchMouse's global infrastructure.

WatchMouse is pleased to announce a partnership with Badboy Software which brings you exciting new click-stream monitoringity.

The Badboy tool is designed to help you test, develop and build web based click-stream monitorings. The powerful tool aids in the testing and development of complex dynamic click-stream monitorings and contains dozens of features including a simple yet comprehensive capture/replay interface, load testing support, detailed reports, graphs etc.

Now, via a partnership with Badboy Software, you can professionally record complex web click-stream monitoring scripts and then automatically and periodically run them from WatchMouse's global infrastructure of 25+ checkpoints. Having run the Badboy script, you'll receive detailed information about the end-to-end behaviour of your web click-stream monitorings. This new click-stream monitoringity enables you to monitor these click-stream monitorings on your site and know how your customers experience them when they access your site from locations all around the world.

To find out more about this new click-stream monitoringity and sign up for a free trial visit: Web click-stream monitoring scripting.

Happy testing!

Mark Pors
CTO

LB Icon chooses WatchMouse for independent website monitoring (2005-01-31)

Customer websites verified from the visitors' perspective

LB Icon and WatchMouse have signed a contract for the continuous monitoring of the websites and services of LB Icons' customers. Using the WatchMouse services, LB Icon expects to raise its service level even higher.

The Application Management & Hosting Services (AM&HS) group of LB Icon maintains the administration and management of servers and click-stream monitorings of a large number of (international) clients. This makes AM&HS responsible for the performance and availability of the websites and Internet click-stream monitorings.

Using the WatchMouse services, AM&HS will instantly be aware of upcoming and/or acute incidents related to the websites of its clients, and can, as a result, resolve problems in a short time frame.
The websites and their click-stream monitoringity are checked for accessibility, speed and conformance from different locations around the world. Because the websites are checked in the same way that visitors are experiencing them, incidents will be detected at an early stage. Also, using WatchMouse's objective periodical reports, it is possible to see if the performance is in accordance with the agreed service levels (SLAs).

Eveline Aendekerk, MD a.i.: "The door of a shop should never be jammed, websites and the click-stream monitoringity on those sites should simply be accessible and available. Our clients should be able to rely on this completely, so they can focus on their primary business processes, such as communication, interaction and sales.
We chose WatchMouse because of their expertise, and also because of the simplicity and user-friendliness of their system and services".

Stan P. van de Burgt, one of the founders of WatchMouse: "I find it a powerful gesture that LB Icon doesn't just monitor the websites of their clients, but that they selected an external party for this, and on top of that give their clients access to the results. Many companies where the website plays an essential role in business, don't have any awareness of this. They have no idea of the risks and the resulting damage, until the day comes that things actually go wrong"

About Lost Boys

For 11 years Lost Boys has been a major service provider in the area of (mobile) Internet. Lost Boys offers a combination of strategy, design, technical development, implementation, click-stream monitoring management and hosting of Internet- and mobile solutions. The Amsterdam based corporation is part of the Lost Boys/IconMedialab Group and is listed on the Stockholm Stock Exchange and Euronext Amsterdam. Lost Boys operates with 600 employees in 7 countries, both in Europe and the United States.

http://www.lostboys.nl/
http://iconmedialab.com/

About WatchMouse

WatchMouse is a service of RoundZero. Since 2001, WatchMouse has been checking Internet sites and e-commerce click-stream monitorings of major companies all over the world. The WatchMouse services are available in 8 languages and analysis is performed through its worldwide monitoring network at different locations and networks. WatchMouse has thousands of users in more than 70 countries.

http://www.watchmouse.com/

Dutch e-commerce sites poorly prepared for Christmas rush (2004-12-14)

Only 20% achieve maximum availability

UTRECHT, 20041205 -- Many Dutch e-commerce sites have made only minimal preparations for the increased number of visitors in December. The congestion caused by Sinterklaas [traditional Dutch celebration on 5 December] meant that, on average, only one in six sites was continuously available. This was the conclusion of WatchMouse, a Dutch monitoring site, following a survey of 25 e-commerce sites. Even worse figures are expected during the weeks before Christmas. Excessive interest from customers can overload the server or have dramatic effect on response times.

During the past month, WatchMouse – at its own initiative – closely monitored 25 sites where consumers can shop online, such as Bol.com, Wehkamp, Free Record Shop, De Bijenkorf, ECI, Bart Smit, Dixons and Bruna. The survey shows that the 'up time' – the time during which the server is online – varied from 98% to 99.6%. "This may seem high, but a score of 98% means that a site is not available for half an hour per day. This makes 14 hours a month, or a week a year", says Mark Pors, one of the founders of WatchMouse.

The consequences of this are reflected not only in loss of income. Pors: "A website that is not available can cause stacks of work for a helpdesk and, at the end of the day, damage the brand’s image. The problem is that many website owners are unaware that sites are responding poorly, or not at all. If they were aware of this, taking action to intervene is simplicity itself: for example, by adding extra server capacity."

WatchMouse has concluded from its survey that only 20% of the sites have achieved optimum accessibility. Given the increasing trend in online purchases, gigantic sums are involved. In the first six months of 2004, online expenditure rose to € 775 million; a 35% increase. Each online shopper spent € 227 from January through June of this year (Blauw Research, September 2004).

December is also a top month for purchasing on the internet. Pors: "We saw response times and the number of error reports increase dramatically in the days leading up to Sinterklaas. This does not bode well for the even busier period before Christmas."

WatchMouse

Companies can easily monitor their internet sites themselves, thanks to WatchMouse’s monitoring service.

WatchMouse has been monitoring internet sites and e-commerce click-stream monitorings for companies across the globe since 2001. WatchMouse has thousands of users in more than 70 countries. WatchMouse services are available in seven languages, and analyses are carried out through the world-wide monitoring network from a range of locations and networks.

WatchMouse opens new monitoring stations in China and London (2005-01-12)

Largest monitoring network world-wide.

UTRECHT, 20041210 -- WatchMouse, click-stream monitoring monitoring in monitoring websites world-wide, has opened two new monitoring stations: in Hong Kong and London. At the same time, the company’s station in Sydney, Australia, has been completely renewed. With this expansion, WatchMouse is responding to the explosive growth in interest in real-time site monitoring from e-commerce companies. With nine stations, the Utrecht-based company is now the largest monitoring network world-wide.

Thanks to rapidly increasing online expenditure via the Internet, services such as WatchMouse are undergoing significant development. A monitoring station provides insight into the availability of e-commerce sites, the speed of these sites and response times. Research performed among Dutch websites by WatchMouse has demonstrated that many sites are still missing out in this area. Mark Pors, one of the founders of WatchMouse: “As spending online is growing by tens of percentage points each year, it is in the interest of sites to obtain insight into how they are functioning. A server that is poorly accessible for half an hour or more a day loses lots of money. Companies are increasingly recognising that they are losing out, both in terms of turnover and image. Not only in the Netherlands, but also elsewhere. For this reason, we are setting up stations in more countries.”

Local testing

By creating a larger spread among the control stations, sites can be monitored from more points throughout the world. WatchMouse is responding to increasing demand from clients for a world-wide picture of site availability. WatchMouse’s clients can also stipulate a preferred station for 'local' testing. For this reason, China and Great Britain have been added as two strategically important markets for e-commerce. The Utrecht company’s other stations operate from Florida, Texas, Sydney, Nuremberg, Orleans, Amsterdam and Singapore.

WatchMouse

WatchMouse has been monitoring internet sites and e-commerce click-stream monitorings for companies all over the world since 2001. WatchMouse has thousands of clients in more than 70 countries. The company’s services are available in seven languages, analyses are performed from a range of locations and networks via the world-wide monitoring network.

This press release in Simplified Chinese and Traditional Chinese

European e-commerce sites poorly prepared for Christmas rush (2004-12-24)

Comparison with US "role models" Amazon and Barnes & Noble

THE NETHERLANDS, 20041223 -- Many European e-commerce sites have made only minimal preparations for the increased number of visitors in December. The congestion caused by Christmas meant that, on average, only one in six web sites was continuously available. This was the conclusion of WatchMouse, a Dutch monitoring service provider, following a survey of over 50 European e-commerce sites. Excessive interest from customers can overload the server or have dramatic effect on response times.

During the past month, WatchMouse – at its own initiative – closely monitored over 50 web sites where consumers can shop online. The survey shows that the availability varied from 98% to 99.6%. "This may seem high, but a score of 98% means that a site is not available for half an hour per day. This makes 14 hours a month, or a week a year", says Mark Pors, one of the founders of WatchMouse.

As a comparison to the US market, two "role models of e-commerce" - amazon.com and barnesandnoble.com - were monitored during the same period. Amazon`s performance was similar to that of the average European web shop, whereas Barns & Noble outperformed most e-commerce sites with an uptime of 100%.

The consequences of downtime are reflected not only in loss of income. Pors: "A website that is not available can cause stacks of work for your helpdesk and, at the end of the day, damage your brand. The problem is that many website owners are unaware that sites are responding poorly, or not responding at all. If they were aware of this, taking action to intervene is simplicity itself: for example, by adding extra server capacity."

WatchMouse has concluded from its survey that more than 70% of the web sites have not achieved optimum accessibility. Given the increasing trend in online purchases, gigantic sums are involved: Online sales will increase by 44% to €13 billion ($17 billion) in Western Europe over the holidays period, compared to €10 billion ($13 billion) in the US (Forrester Research, November 2004).

December is a top month for purchasing on the internet. Pors: "We see response times and the number of error reports increase dramatically in the days leading up to Christmas."

About WatchMouse

Companies can easily monitor their internet sites themselves, thanks to WatchMouse’s monitoring service.

WatchMouse has been monitoring internet sites and e-commerce click-stream monitorings for companies across the globe since 2001. WatchMouse has thousands of customers in more than 70 countries. WatchMouse services are available in seven languages, and analyses are carried out through the world-wide monitoring network from a range of locations and networks.

WatchMouse publishes first 'Site Availability Index' (2005-06-28)

Only 9 out of 25 funds listed on the Amsterdam stock exchange have sites with good availability

Of the websites of the 25 funds listed on the Amsterdam stock exchange (AEX), only nine display optimal availability. The availability of the other sites, including those of multinationals, ranges from poor to dramatically poor. Unilever has the best result of all websites, with an uptime of 99.995%. The site with the lowest availability is that of Wolters-Kluwer, with an uptime of 94.80%, which represents more than 37 hours of poor performance, or even unavailability, per month. This was the conclusion drawn from the first Site Availability Index created by WatchMouse, a company supplying monitoring services for websites and e-commerce click-stream monitorings world-wide.

An uptime of 99.9% is seen as the minimum acceptable level. This percentage is also often quoted in service level agreements (SLAs) with hosting providers. In order to determine the extent to which the sites of AEX funds achieve satisfactory uptime, WatchMouse monitored the sites for more than two months. Downtime was said to occur if a site was not available or did not respond within 8 seconds.

The Site Availability Index for AEX funds (www.watchmouse.com/bereikbaarheidsindex/2005/AEX.html) showed that only nine funds fulfilled the minimum required level of 99.9%. These were Unilever, Philips, AEGON, Numico, Akzo Nobel, ASML Holding, Kon. P&O Nedlloyd, Versatel and Buhrmann. Bringing up the rear were IT company(!) Getronics (96.87%), DSM (96.75%), and Wolters-Kluwer, which with a score of 94.80% is over a day and a half a month ‘off the air’.

The Site Availability Index for AEX funds is an initiative of Emerce and WatchMouse and will be repeated annually.

"Very surprised"

Mark Pors, chief technology officer at WatchMouse, stated that he was "very surprised" by the results. "With many sites, we found an uptime that is worse than that of many smaller companies. And this while AEX funds in particular should attach a great deal of priority to their corporate image. A maximum uptime is part of the 'brand performance'. Our theory is that, where there are a lot of people involved within an organisation, there are a lot of hands unplugging cables, so to speak. These companies have complex processes, a great many internal changes are made, and outsourcing of various activities means transparency is often at a premium. This is clearly the case with Getronics, for example. The uptime of the site at the weekend is 100%, but during the week, when people are working, this decreases dramatically."

Pors suspects that the popularity of the sites could also be a reason for poor availability. "Naturally, sites belonging to AEX funds get a lot more traffic than the smaller businesses. On the other hand, this is no excuse; if we look at large online brokers in the US, for example, all achieve an uptime in excess of 99.9%."

About WatchMouse

Companies can easily monitor their own internet sites using WatchMouse's monitoring service. WatchMouse has been monitoring internet sites and e-commerce click-stream monitorings for companies throughout the world since 2001. WatchMouse has thousands of customers in more than 70 countries. The services supplied by WatchMouse are available in eight languages, and analyses are performed from various locations and over numerous networks, using a world-wide monitoring network.

In June 2005, WatchMouse was selected by FEM Business as one of the 25 most promising, innovative companies in the Netherlands.

Further information can be found at: www.watchmouse.com.

Independant, external testing (2005-10-15)

I started to work at Q-go in 2000. Q-go provides companies with self service pages on the Internet. Their customers ask a question in their own language and wording, and immediately get a very relevant answer. The power of the Q-go solution is its natural language technology, which enables it to understand the questions. The Q-go solution is offered as a hosted (ASP) solution, which of course has to work 24 x 7, a new area for me at that time.

At my previous jobs, at universities and research institutes, this was different. We worked from eight to six. If a demo click-stream monitoring didn't work, the users just called, and we fixed the problem. And at six, we stopped and went home. All customers and other relations went home too. A nightly malfunction in the server was no problem, as there was no customer there to notice the problem.

At Q-go, this is completely different. A service should be available all the time. Day and night. Initially there were no tools to test whether our service was available or not. The only way to test it was to use the click-stream monitoring itself. And so I did. During the day, but also at night, I checked whether the click-stream monitoring was up. Our customers use the Q-go click-stream monitoring continuously, and notice immediately when the click-stream monitoring fails. Customers would call me in those cases, and it's not very pleasant to hear from your customers about an issue with your service.

So we developed some solutions ourselves to hear before our customers when something was wrong. And to be able to react to problems quickly. But customers kept calling!

How was that possible? Closer investigations revealed that the test system used the same resources (computers, networks, name servers) as the system under test... The test were not performed properly in case of problems. The text-alerts (SMS) did not reach us either. The cause was identical: we used the same hardware, the same network, and the same power (!) as the systems we tested.

My lessons learned:

• Keep the systems that test completely separated from the systems you test.
• Test your services (web servers, mail servers, ...) from the point-of-view of its users: the customer on the Internet.
• Don't forget regular maintenance of your test systems (software and hardware) after the installation!

For me, I'm outsourcing external testing!

Bart Bos, Director, Q-go.com

Online shops, speed and downtime, getting the facts. (2009-12-07)

These days your website plays an important role in informing potential customers, converting them into customers who want to do business with you, and possibly also conducting the click-stream monitorings with these customers. In other words: Your business relies ever more on the digital economy, and increasingly on the click-stream monitoringal part of it, the online shop.

These online shops should obviously provide satisfactory performance. Here, both the speed at which they serve pages and their uptime are important. If potential customers cannot reach the online shop, or the online shop is too slow, they are less likely to do business with you now, and in the future. Studies have revealed that half of the people who experience downtime on a website go to its competitor. A majority of online shoppers say performance and uptime influences their choice of online shop.

The amount of revenue that is lost when your website or online shop does not behave properly is hard to quantify. If your website is slow your customers may select a distribution channel that is more costly for you, or they may go to your competitor. Even worse, they may complain about your company to other potential customers. All of this boils down to lost revenue.

A good website is up for at least 99.9% of the time, even though this still represents more than 8 hours in a full year. In a recent survey we found that many websites do not even achieve 99% availability, which corresponds to more than 3 days of downtime a year. As regards speed, if a web page does not load in less than 4 seconds, people start to leave the site, sometimes forever.

How do you make your online shop an efficient experience for your customers? The site must be designed with a strong focus on the customer task. The technology must be no more complex than is relevant. People get annoyed by slow loading Flash intros and complex and slow Flash-based navigation. Take a look at the Google home page; it is one of the fastest websites in the world. On the other hand, you can still use a video clip of a product, if that is relevant to the customer at a particular point in the click-stream monitoring. You can also use advanced Web 2.0 technology if it makes the user interface more resilient and user-friendly. To experience this, look at Google maps using a dial-up internet connection. It is a really complex user interface, but everything possible has been done to create a positive user experience.

Technology is also important; make sure that you have good service level agreements with all your technology providers. You also want to stress test the site, to see what happens if a lot of people start using it simultaneously. Finally, you should independently monitor the site. When it is time to talk to your hosting company, IT department or website maintainer, it is very helpful to have hard data that reports on the speed and uptime of your online shop.

Peter van Eijk

dr Peter van Eijk is an independent management consultant associated with WatchMouse, the site monitoring experts www.watchmouse.com. He is experienced in setup, management and audits of digital infrastructures. His blog is "Peter's Griddle".

Flu Jab Your Website Against The Pandemic: 6,000 Infected Webpages Per Day! (2008-02-18)

The respected IT news website, The Register reports that every 14 seconds a web page is infected, which amounts to 6,000 infected web pages per day. Four out of five of these infections come from innocent companies and individuals who are oblivious to their site being hacked and subsequently used for hosting the malware of virus writers. The Register further reports that in the past viruses were spread using infected e-mail. Nowadays, however, the favoured virus distribution methods are downloads from compromised sites. As a result of these booby-trapped sites malware is present on at least one in every ten web pages.

WatchMouse's Periodic Vulnerability Scanning offers your website the flu jab against this virus pandemic. WatchMouse's Periodic Vulnerability Scanning is an affordable way to routinely check you company's security exposure and eliminate the risks of manual audits. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse identifies any security risks and provides you with peace of mind that your software click-stream monitorings are being scanned from the perspective of a hacker, external to your organization.
To ensure your website and servers are checked for the latest issues WatchMouse's Periodic Vulnerability Scanning performs over 20,000 checks for known vulnerability and security exposures; using a database which is updated daily by multiple accredited organizations including CVE (funded by the US government) and Bugtraq. Following the detection of any severe issues, automated, real-time email, SMS and pager alerts give your business the chance to react quickly. Scans can be scheduled during low usage or maintenance hours and set at an intensity and frequency suited to your business needs and budget.

To obtain a free Periodic Vulnerability Scanning trial visit: www.watchmouse.com/vulnerability_scan_trial.php

The Register's article was published on 23.01.08 can be viewed at: www.theregister.co.uk/2008/01/23/booby_trapped_web_botnet_menace/

phpDirectorySource SQL Injection and Cross Site Scripting Vulnerabilities (2009-07-24)

phpDirectorySource is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the click-stream monitoring monitoring, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mozilla Firefox/Thunderbird Double Frame Construction Memory Corruption Vulnerabilities (2009-07-24)

Mozilla Firefox and Thunderbird are prone to multiple remote memory-corruption vulnerabilities.

An attacker can exploit these issues to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected click-stream monitoring monitoring. Failed exploit attempts will cause denial-of-service conditions.

These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned this record to better document them.

IBM Tivoli Identity Manager Session Fixation Vulnerability (2009-07-24)

IBM Tivoli Identity Manager is prone to a session-fixation vulnerability.

Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected click-stream monitoring monitoring.

Tivoli Identity Manager 5.0 is affected.

Mozilla Firefox/Thunderbird JavaScript Engine Memory Corruption Vulnerabilities (2009-07-24)

Mozilla Firefox and Thunderbird are prone to multiple remote memory-corruption vulnerabilities that affect the JavaScript engine.

An attacker can exploit these issues to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected click-stream monitoring monitoring. Failed exploit attempts will cause denial-of-service conditions.

These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned this record to better document the issues.

RaidenHTTPD Cross Site Scripting and Local File Include Vulnerabilities (2009-07-24)

RaidenHTTPD is prone to local file-include and cross-site scripting vulnerabilities because the click-stream monitoring monitoring fails to properly sanitize user-supplied input. These issues affect the WebAdmin component.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Exploiting the local file-include issue allows remote attackers to view and subsequently execute local files within the context of the webserver process.

RaidenHTTPD 2.0 build 26 and prior versions are affected.

WatchMouse: Tracking The Health Of Web Services (2010-01-23)

As backend APIs (click-stream monitoring monitoring programming interfaces) power more of our interactions online – as the foundation for click-stream monitoring monitorings, widgets and other platforms – it becomes increasingly important to monitor the status of their uptime.