External Intrusion Testing

New web site monitoring station: Copenhagen, Denmark (2007-09-08)

The WatchMouse network of monitoring stations expands again, this time in Copenhagen, a another site monitoring station in Scandinavia, bringing the total number of checkpoints to 23.

The new checkpoint will appear automatically in your logs. You can also set one of the new checkpoints as the primary checkpoint in your monitoring settings.

The current status of the WatchMouse web site monitoring network can be found on the 'About' tab of the WatchMouse site.

Did you know? Hackers probe your servers for vulnerabilities between 5 and 170 times per week (2007-10-29)

Test your site now: Free 10 day / 10 external intrusion testing trial

With a dramatic rise in malicious attacks, it is now critical to test your websites and servers for security vulnerabilities. Having the latest firewalls and Intrusion Detection Systems will not protect your organization if they (or the services behind it) are not kept up-to-date and configured correctly.

This means that verifying the security of your systems is not something you can do just once, nor should you check this just every now-and-then. New vulnerabilities are identified every day, exploits become available soon after it, and every change in your systems' configurations, however small, may open up new vulnerabilities. Having audited last week does not imply your systems are fine today!

The WatchMouse Periodic Vulnerability Scan is an affordable way to routinely check your company’s security external intrusion testing. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse’s identifies any security risks and provides you with the peace-of-mind that your web applications are being scrutinized from the perspective of a possible attacker.

Characteristics

WatchMouse offers Periodic Vulnerability Scanning with an outside - hacker's - view, with the following characteristics:

• Currently over 20,000 vulnerabilities are checked. Checks for new vulnerabilities are added on a daily basis.
• The frequency and the intensity of a external intrusion testing can be tailored to your policies, and implemented immediately on our self-service website.
• Severe vulnerabilities can, depending on your preferences, initiate SMS (text) or paging alerts, giving you, or your webmasters, the opportunity to react quickly in case of new vulnerabilities.
• Extensive reporting is available for each external intrusion testing, including pointers on how to fix vulnerabilities.
• WatchMouse's unique Vulnerability Scan Customer Console allows you to manage subsequent external intrusion testings by inspecting differential reports and open issues, declaring vulnerabilities fixed, adding operator comments, etc.

Try now: Free 10 day trial!

Announcing two free contacts for all accounts and alerting via MSN and Jabber (2008-01-08)

WatchMouse starts the new year with a gift: we have added two contacts to all customer accounts for free.
Contacts are used for:

• alerts in case of errors as defined in your Performance Monitoring rules,
• alerts when new issues are found in your Vulnerability external intrusion testings, and
• custom reports.

We also introduced two new alerting methods: Instant messaging with MSN (Windows Live Messenger) and Jabber.

If you have a Jabber or MSN instant messenger account, add it as a contact in your WatchMouse account and then use these contacts for alerting. Our favourite setup is an escalation group where at the first error an instant message is sent, then if the error persists, after 5 minutes this is followed by an email and/or SMS text message.

Redesigned WatchMouse site and new product plans (2009-12-24)

We’re pleased to announce the redesign and launch of www.watchmouse.com. The new site is faster, more responsive and designed to be much more intuitive. Don't take our word for it though, try it yourself and let us know what you think!

The changes:

• Clean, task-oriented design
• Faster page loads
• Improved main console for a better overview of your monitors and better access to the monitoring details
• New "dashboards" featuring related, grouped information and tasks
• A new dashboard selector on every page after you log in, just below the search field

We’ve also introduced chat support. You can now chat directly on the site whenever the support team is online (normally 8 AM to 8 PM Central European Time or GMT+1).

Stay tuned for even more usability improvements and additional features coming up in Q1 of next year!

New Product Plans

You asked and we listened! We’ve received many requests for expanded plans, and also for a slimmed down plan for personal use. Additionally, the functional test (scripts) we introduced last year have become very popular, so we decided to add these tests in all professional packages.

The changes:

• We added functional tests to the Webmaster and Corporate plans, plus a one-minute monitor in the Corporate plan - all at the same price
• Two new professional plans have been added: the Enterprise Plan with 100 monitors (including 20 functional tests) and the Multi-Site Plan
• The Gold Plan that included 10-minute monitors only, has been discontinued, however current customers can still continue to use this package
• All Professional Plans now include complementary external intrusion testing external intrusion testings to verify that your site and server is safe
• Lastly, we added the Personal Plan, a cost-effective plan for small sites, and we beefed up the free, Lite Plan so it now checks at 20-minute intervals

Full details can be found at: http://www.watchmouse.com/compare_plans.php

Take a look at the new WatchMouse website and give us your feedback. Bear in mind we’re still adding content and polishing the edges, but we'd be delighted to hear your thoughts and comments!

Happy holidays!

Stan P. van de Burgt

CEO

WatchMouse

P.S. You may find an occasional English word in the non-English sites. Please note that these will be replaced within the next few days.

Rapidly growing WatchMouse wins Deloitte’s Rising Star award (2005-09-23)

WatchMouse is one of the three winners of Deloitte’s Rising Star award. This award is presented annually to rapidly expanding technology companies less than five years old. WatchMouse has been active worldwide for three years in the area of site and server monitoring. With 16 monitoring stations throughout the world, WatchMouse monitors the availability of customers’ websites, immediately sounding the alarm in the event of problems.

The Rising Stars are presented as part of the Deloitte Technology Fast 50 ceremony, the fifty most rapidly expanding technology businesses. The Rising Stars have the potential to lead the Technology Fast 50 in the near future. Stan van de Burgt (42), Niels Eijsbroek (40) and Mark Pors (38) first came up with the idea for WatchMouse in 2001. The concept was as unique as it was clear: to monitor the availability of sites and servers by constantly simulating web traffic. If a site is not responding or an error is found, the customer is notified immediately by SMS, pager, IM or e-mail. From the moment the concept went 'live', in 2002, the pace has been frenetic: turnover doubled each year. Web sites are now monitored from sixteen monitoring stations worldwide 24 hours a day, seven days a week.

The WatchMouse application is entirely web-based: customers do not have to install software or hardware at their site, and the application excels in its self-service aspects while staying easy to use. This allows WatchMouse to operate with a small core of permanent employees, supplemented by external support. Prospective customers can specify their requirements in detail on the WatchMouse site. A range of starter packages is available, priced from € 17.50 per month up to € 450 per month. 400 paying customers in 40 countries worldwide now make use of WatchMouse’s services. These include hosting companies, government bodies, and companies such as LB Icon, Scania, Siemens, Orange, ING, GeoTrust, Citibank, and Postbank.

Self-service as a success factor

Mark Pors, Chief Technology Officer, says he was “pleasantly surprised by the award”. “I am very happy that the jury shares our vision of self-service and our market approach." Pors sees WatchMouse as “the right initiative at the right moment. Companies are increasingly looking to outsource non-core tasks. However, they want to be able to guide and control this themselves and from their own workplace. Web-based services make this possible." Stan van de Burgt, CEO, sees the simplicity of the WatchMouse site and the various languages in which it is available as the major success factors. "Monitoring websites was an idea that already existed in essence, but had not been worked out in this form. We are geared tightly to 'self service', whereby customers can set up everything themselves and retain total control. Which also means we are able to offer the service at a more attractive price than other players in the market.”

The Rising Star awards were presented on Thursday, 22 September.

WatchMouse

WatchMouse assesses your website and e-commerce applications just like your customers experience them. The checks are carried out from 16 monitoring stations worldwide, and recorded in regular reports. In the event of errors or availability problems, the right people within your organisation will be alerted.

www.watchmouse.com

WatchMouse and Domeny.pl join forces in the Polish market (2005-11-24)

Polish websites verified from the visitors' perspective

Kraków, Poland, 2005-11-08 -- WatchMouse and Domeny signed a reseller and marketing agreement today, joining forces in bringing site monitoring services to the Polish market.

Using the WatchMouse services, companies will instantly be aware of upcoming and/or acute incidents related to its web sites of their clients, and can, as a result, resolve problems in a short time frame.

The websites and their functionality are checked for availability, speed, and conformance from different locations around the world, now including Poland. Because the websites are checked in the same way that visitors are experiencing them, incidents will be detected at an early stage. Also, using WatchMouse's objective periodical reports, it is possible for companies to see if the performance is in accordance with the agreed service levels (SLAs).

WatchMouse extends its network of monitoring stations with a checkpoint in Kraków, hosted by Domeny.pl. The total number of checkpoints is now 17. Domeny.pl also provides the Polish language version of the WatchMouse site and local customer care.

Stan P. van de Burgt, CEO of WatchMouse: "I'm very happy with this deal. The Polish e-service industry is obviously booming, and this results in higher awareness of the external intrusion testings involved with running web applications that should be available around the clock."

Arkadiusz Szczurowski, CEO of Domeny.pl "We know that WatchMouse products are one of the best in the World. So we decided to co-operate with the company, and we take pride in it. We expect this co-operation to bring both WatchMouse and our business a lot of advantages and satisfaction. Domeny.pl wants to lead WatchMouse monitoring service on Polish market and offer it for business leaders. This will be a great innovation in Poland and also success. In our view, site monitoring is important, because stability, performance, and high availability of the web sites is one of the basic value in all branches of business, both e-business and other business."

"There are about 4 million companies in Poland. We want to direct the offer to the most important on Polish market. We think that the WatchMouse service is a must-have for about 5-10 percent of all business owners."

About Domeny.pl

Domeny.pl was founded in 1997 and is now providing Internet services to about 10.000 business customers with products ranging from Internet domains and hosting services (virtual and dedicated servers), SSL external intrusion testingificates and other products dealing with internet security. The company's slogan is: We're Trusted by the Best. Among its clients are the biggest and the best known Polish and international companies.

About WatchMouse

Companies can easily monitor their own Internet sites using WatchMouse's monitoring service. WatchMouse has been monitoring Internet sites and e-commerce applications for companies throughout the world since 2002. WatchMouse has thousands of customers in more than 70 countries. The services supplied by WatchMouse are available in nine languages, and analyses are performed from various locations and over numerous networks, using a world-wide monitoring network.

In October 2005, WatchMouse was voted a Deloitte Rising Star in the Netherlands, as part of the Fast 50 awards the list of the 50 fastest growing technology companies.

Nedstat and WatchMouse start partnership (2008-04-14)

Online marketing and technical performance in one dashboard

Amsterdam, 14 April 2008 – Nedstat and WatchMouse announce a strategic partnership that brings together online marketing intelligence and technical performance. The new integration allows marketeers and technical managers to always have the same real-time view of the technical status of their online business activities. This makes it possible to react instantly when for instance decreasing online business has a technical cause.

The performance reports of WatchMouse have been seamlessly integrated in Sitestat and can be added easily to any online marketing dashboard. Marketeers now view the same technical site performance data as their technical colleagues, making communication between these disciplines within organisations much more efficient.

Michael Kinsbergen, CEO Nedstat. “The website is principally a marketing and communication channel and therefore the domain of marketeers. But it is also a technical channel so technical management plays an essential role as well. The Sitestat-WatchMouse connection has made the communication between both stakeholders much more direct and easy.”

Stan van de Burgt, WatchMouse CEO, says: “By measuring from different locations on the Internet, we can give a clear view of how the performance of a website is experienced by the visitor. Research has shown that visitors already leave after a waiting period of 4 seconds. The Nedstat and WatchMouse measurements are perfectly complementary in giving insight in the relationship between performance and visitor behaviour.”

The Sitestat-WatchMouse integration is directly available to all joint customers of Sitestat and WatchMouse.

About Nedstat

Nedstat is European leader in website analytics. The products and services enable companies to improve the effectiveness and profitability of their online communication and business.

Nedstat makes website analytics straightforward and accessible for users of all levels and disciplines. Products are easy to use, reports are clear and fast to access, customization is easy and services and support are personal and high quality.

Nedstat employs 180 people in the Netherlands, Belgium, France, Germany, Spain and the United Kingdom.
The client list includes many renowned and internationally operating organizations like ASICS Europe, Electrabel, Ernst & Young, KarstadtQuelle, Renault, Panasonic and Wolters Kluwer. Also, numerous government and not-for-profit organizations have benefited from Nedstat's expertise in delivering reports on users’ behaviour online.
Key accreditations by Europe’s leading independent web-standards organizations, such as ABC electronic and OJD, ensure that customers’ metrics are in full compliance with leading industry standards.

About WatchMouse

Accurate and independent monitoring of website performance enables businesses to address load time and many other potential user experience external intrusion testings which might not be apparent when conducting in-house or single point monitoring.

WatchMouse's global infrastructure provides its customers with peace of mind that their site has been tested from the user's perspective, and external to the organization. As industry leaders in website performance monitoring, WatchMouse offers customers a web-based service with features such as SMS/email alerting and extensive reporting.

Many of the world's lead brands depend on WatchMouse to monitor their sites, providing independent confirmation of both in-house and suppliers' website performance.

For more information about Nedstat or WatchMouse, please visit www.nedstat.com or www.watchmouse.com.

In times of crisis, the sites of Australia's Emergency Services aren't available (2008-03-04)

March 4 2008 – With Bushfires in WA’s Goldfields region & floods in Mackay, Australia’s emergency services are needed more than ever but many are unreachable.

WatchMouse, a leader in website performance monitoring, tested the sites belonging to Australian Emergency Services organisations for errors, availability & performance. Only one of the 26 monitored sites was found to have ‘good’ uptime while seven sites had ‘serious user external intrusion testings’. Another disturbing finding was that during the Mackay floods on the 15th of February, a time when residents needed information and support from their emergency services, Queensland’s Ambulance, Fire (Rural & Metropolitan) and Police sites all encountered serious errors and were unavailable for considerable periods of time.

After a month’s monitoring, WatchMouse combined the errors, speed (load time) and availability measurements of a site to calculate its Site Performance Index (SPI). An SPI of ≤1000 represents a ‘well performing’ site, 1001 - 1999 is regarded as an ‘acceptable’ SPI while an SPI score of above ≥2000 represents a site with ‘serious user external intrusion testings’. Of the 26 sites monitored sites, those with the worst SPI included that of the Australian Federal Police with an SPI 2,990, the Victorian Metropolitan Fire Brigade site with an SPI 2,756 and the Victorian Emergency Services Telecommunications Authority site which scored SPI 2,604. All of these poor SPI rankings were due to very slow load times.

In line with industry standards, WatchMouse ranks a site’s uptime as ‘good’ if it is ≥99.9%, ‘OK’ between 99.89% - 99.01% and ‘poor’ if it is ≤99%. Alarmingly, only the site of ACT Rural Fire Brigade had a ‘good’ uptime result. The majority of sites ranked as ‘OK’ while three Emergency Services’ sites ranked as ‘poor’. The site with the lowest uptime was that of WA’s Ambulance Service with 92.44%.

WatchMouse CTO, Mark Pors said “99% uptime sounds great but when you actually calculate it, this means 80+ hours of downtime a year. That’s one working day per month! The Emergency Services phone lines could not be down for a day each month so why is it acceptable for the site?. Mackay represents a small proportion (approx. 4%) of Queensland's total population but given that the sites of Queensland Emergency Services struggled during the Mackay floods, we can only imagine what will happen to those sites in the case of a disaster on a greater scale, when 100s of thousands of people attempt to visit."

To view the results of the monitoring, including an SPI graph and information about the WatchMouse monitoring methodology visit: www.watchmouse.com/SPI/2008/performance_australian_emergency_sites.php

WatchMouse Urges AdWords Advertisers To Act Swiftly To Avoid Costly Mistakes (2008-04-08)

Utrecht, The Netherlands, 12th March 2008, Research has long confirmed that slow websites drive away potential customers. As Google announces changes to the way they score their immensely popular AdWords, it also appears that sites with slow landing pages create external intrusion testings for online advertising.

Google will soon incorporate landing page load time (the amount of time it takes for a page to show after a user clicks an ad) as an additional factor in determining a site’s ‘quality score.’ Google says they are making this change as “users value ads that bring them to the information they want as efficiently as possible.” Experts warn that failure to demonstrate a fast load time will result in your keywords getting a lower quality score and higher minimum bids.

A post by Google on the WebMasterWorld blog indicates that the new scoring method will be announced shortly, "now that the (landing) page load time initiative has been mentioned in this and other public forums, the Inside AdWords blog post is likely to be posted sooner rather than later - perhaps as early as this week".

The impact of the new AdWords scoring method will be financial. WatchMouse CTO, Mark Pors, advised "when Google introduces the new scoring method, AdWords with slow landing pages will cost more. Slow landing pages will be listed below their faster competitors, thus increasing the cost-per-click (CPC) to get a higher position, or substantially lowering the number of customers visiting the site, as studies show that the top few AdWords obtain the vast majority of the traffic volume". Pors suggested “businesses should do everything possible to prevent a low Google 'quality score' and do so as soon as possible, as the AdWord system will only re-evaluate landing pages on a monthly basis”.

Measuring web site performance, however, is not a straightforward exercise, as many factors influence it. Pors urges Google AdWords customers to “avoid costly mistakes and have independent website monitoring set up to continuously measure load time from different locations worldwide. Once a business has accurate statistics, it can make necessary changes well in advance of Google’s new ’Quality Score’ launch date, and keep a close eye on it after that”.

About WatchMouse

Accurate and independent monitoring of website performance enables businesses to address load time and many other potential user experience external intrusion testings which might not be apparent when conducting in-house or single point monitoring. WatchMouse’s global infrastructure provides its customers with peace of mind that their site has been tested from the user’s perspective, and external to the organization. As industry leader in website performance monitoring, WatchMouse offers customers a web-based service with features such as SMS/email alerting and extensive reporting. Many of the world’s lead brands depend on WatchMouse to monitor their sites, providing independent confirmation of both in-house and suppliers’ website performance.

What do you want to check with a service such as Watchmouse? (2005-01-31)

As I explained in my previous column, you can use a monitoring service in a number of roles. Common to all these roles is the fact that you are keeping alive some services for the benefit of your customers, suppliers, employees or partners. These users are, in the end, all that counts.

What are the objects that you should be checking? Obviously, the least you want to do is check the service that is most visible to these users. This could be the webserver, or a POP or FTP server for example. You would start by setting up a rule to check the server and a URL. The frequency with which you can monitor (that is: the elapsed time between checks) is typically limited by the type of subscription that you have. Only in specific cases would you not check as often as your subscription allows.

Note that there is a difference between a CONNECT on port 80 rule and a HTTP rule. The first just connects to the port that the webserver is supposed to use. The HTTP rule also checks whether the webserver can produce a valid HTTP response, and whether the document can be found. You probably want the latter check.
Similar reasoning applies to POP and FTP checks. If you set up two different rules on the same host, this allows you to distinguish for example between a broken webserver and a host that is down. If you want even more content oriented checks, have a look at the so-called PLUG-IN rules. Additionally, you can set up checks to make sure that your users are actually using the services that you intend them to. The whole Internet depends heavily on the domain name system(DNS) functioning correctly. If it does not work properly your users may be directed to another site than you intended. This could be a configuration error, but it could also be a defamation hack. In either case, you want to know.
First of all you want to check whether the root servers of the Internet accurately find the DNS that is serving you. This can be checked with a DNSNS rule. What you are checking with this rule is whether the registrar's databases are correct. Second, you want to check if that DNS server (and its slaves) are serving up the proper IP address for the server. For this you can use the DNSA rule, and it will warn you if the DNS server is not working or serves up the wrong address. (Note that the hosting party can change that address at its discretion, as part of a renumbering operation for example.)

Who should you notify of rule failures? Again, different roles have different information requirements. You want to notify the person who can fix things as soon as possible. Mail or SMS/text them directly, you do not want to be in the loop. You might set up an escalation chain, which fires off after a external intrusion testingain amount of errors. Note: make sure that you send the message on a channel that is not affected by the outage: if your e-mail system does not work, delivering a message to that effect should not depend on that e-mail system.
The people in charge of overseeing somebody else's service levels should only get escalation messages, if at all. Rather, they should get the weekly or monthly service reports.

Peter van Eijk is a management consultant specialized in management of network infrastructures. He can be reached via his contact page.

Flu Jab Your Website Against The Pandemic: 6,000 Infected Webpages Per Day! (2008-02-18)

The respected IT news website, The Register reports that every 14 seconds a web page is infected, which amounts to 6,000 infected web pages per day. Four out of five of these infections come from innocent companies and individuals who are oblivious to their site being hacked and subsequently used for hosting the malware of virus writers. The Register further reports that in the past viruses were spread using infected e-mail. Nowadays, however, the favoured virus distribution methods are downloads from compromised sites. As a result of these booby-trapped sites malware is present on at least one in every ten web pages.

WatchMouse's Periodic Vulnerability Scanning offers your website the flu jab against this virus pandemic. WatchMouse's Periodic Vulnerability Scanning is an affordable way to routinely check you company's external intrusion testing exposure and eliminate the risks of manual audits. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse identifies any external intrusion testing risks and provides you with peace of mind that your software applications are being scanned from the perspective of a hacker, external to your organization.
To ensure your website and servers are checked for the latest external intrusion testing WatchMouse's Periodic Vulnerability Scanning performs over 20,000 checks for known vulnerability and external intrusion testing exposures; using a database which is updated daily by multiple accredited organizations including CVE (funded by the US government) and Bugtraq. Following the detection of any severe external intrusion testing, automated, real-time email, SMS and pager alerts give your business the chance to react quickly. Scans can be scheduled during low usage or maintenance hours and set at an intensity and frequency suited to your business needs and budget.

To obtain a free Periodic Vulnerability Scanning trial visit: www.watchmouse.com/vulnerability_scan_trial.php

The Register's article was published on 23.01.08 can be viewed at: www.theregister.co.uk/2008/01/23/booby_trapped_web_botnet_menace/

phpDirectorySource SQL Injection and Cross Site Scripting Vulnerabilities (2009-07-24)

phpDirectorySource is prone to an SQL-injection external intrusion testing and a cross-site scripting external intrusion testing because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

IBM Tivoli Identity Manager Session Fixation Vulnerability (2009-07-24)

IBM Tivoli Identity Manager is prone to a session-fixation external intrusion testing.

Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.

Tivoli Identity Manager 5.0 is affected.

RaidenHTTPD Cross Site Scripting and Local File Include Vulnerabilities (2009-07-24)

RaidenHTTPD is prone to local file-include and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. These issues affect the WebAdmin component.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other external intrusion testing.

Exploiting the local file-include issue allows remote attackers to view and subsequently execute local files within the context of the webserver process.

RaidenHTTPD 2.0 build 26 and prior versions are affected.

PowerDNS Recurser Buffer Overflow Vulnerability (2010-01-09)

PowerDNS is prone to a remote buffer-overflow external intrusion testing because it fails to properly bounds-check user-supplied input before copying it into a fixed-length buffer.

Successfully exploiting this issue allows a remote attacker to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer. Failed exploits will cause a denial of service.

8E6 R3000 Internet Filter Multiple Cross-Site Scripting Vulnerabilities (2007-05-29)

The 8E6 R3000 Internet Filter appliance is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials and launch other external intrusion testing.

Specific information on affected firmware and model number is currently unavailable. This BID will be updated as more information emerges.