Online Security Monitor

Monitoring from 63 locations worldwide
Trusted by
- Fiat - Wikimedia
- Twitter - ING
- Symantec - Automattic
- Zappos - Virgin America
As seen on
- TechCrunch - Mashable
- Read Write Web - The Next Web
- The Guardian - PC Mag
- GiGaOm - CI
WatchMouse advantages
WatchMouse's Vulnerability Scanning provides the following unique advantages:
- Pay for what you need and adjust your settings at any time
- Immediate results via an outsourced solution - no software installation or hardware purchase needed
- Peace of mind that your website and servers are being scanned against an expert database of 30,000+ known vulnerabilities
- Access to an Industry Leading Customer Console to check results, leave comments, adjust scans, set alerts, and view full details
- Routine, professional scanning from the hacker's perspective, external to your organisation
- Real-time e-mail, SMS & pager alerts when severe vulnerabilities are found
- Confidence that your scanning is outsourced to industry experts so you don't need expensive in-house resources
News
Many improvements and new features for WatchMouse users (2005-01-31)
Over the last few months, many improvements were made and new features were added to the WatchMouse service.
All new features are available for current and new subscribers at no extra charge.
The major improvements and features are listed below:
- New feature: A message log, which allows you to see the date, time, type and destination of all notifications that have been sent to you or your colleagues.
- Update of the logs access page: listing of WatchMouse members who have given you access to watch their log files and graphs, and the option to remove them from your list.
- Addition to the member details page: Financial contact details for invoicing can now be stated explicitly.
- Major improvement to the log file viewer: both scheduled and extra checks (in case of a triggered rule or a user-initiated check) are shown in the log files, as well as the second opinion checks.
- Improvement of the user interface of the rule settings: introduction of a simple mode and expert mode. The rule wizard is removed.
- Much requested feature: the time-out for a rule can now be specified by the user in the rule settings page (expert mode).
- You can now have many inactive rules, in addition to your active rules. This is no longer limited by the maximum number of rules for your subscription.
- For journalists only a press update service has been added.
- Many, many small (and big) improvements "under the hood".
As always: if you are missing a feature, please let us know! We will most likely add it in the next release.
New: scheduled maintenance, work schedules, performance indicators (2006-11-28)
Set-up maintenance periods per rule
In the monitoring settings page, in "expert mode", you can now set:
- The start and duration of the maintenance period
- Optionally, the repeat period (daily, weekly, monthly)
During the maintenance period, WatchMouse will continue monitoring your servers but errors are not included in downtime calculation, and alerts are not sent. In the performance chart and logs, the checks while in maintenance are marked as such (see legend). The maintenance periods will be made visible in the graphs too.
User defined performance limits
You can now define on a per-rule basis the limits for good, poor, and bad performance, in addition to the existing 'timeout'. These limits can be entered in the monitoring settings page, in "expert mode", and are used in the performance chart.
Work schedule options in your contacts
You can now specify on which days, and during which hours, people in your contact list are on duty:
- When not on duty, no alerts will be sent to this contact person
- This is also useful for group alerts, with non-overlapping schedules
- A contact can now also be set to 'inactive' manually, just like the monitoring rules
- Inactive contacts are not included when computing the maximum number of contacts you can still use
You can set the work schedule in your contacts page, after selecting one of your existing contacts or entering a new contact.
New feature: Custom PDF reports in your mailbox (2007-07-10)
As of today, you can compose your own reports, and have them sent as PDF attachments to your account contacts at regular intervals (every day, week, month).
Similar to the WatchMouse Dashboard, you can drag and drop performance graphs, insert uptime tables and error logs, and include headings and descriptive text.
Once you have defined your report, it can be previewed and scheduled to be emailed to the contacts you specify.
You can find the Custom reports tool on the Reports tab. The number of reports you can create depends on your subscription, but can be increased by adding a 'Reporting pack'. One pack gives you an extra 10 custom reports.
You can choose your own design (background color and layout, logos) for these custom reports. If you are interested in this feature, please contact us for a quote.
Did you know? Hackers probe your servers for vulnerabilities between 5 and 170 times per week (2007-10-29)
Test your site now: Free 10 day / 10 scan trial
With a dramatic rise in malicious attacks, it is now critical to test your websites and servers for security vulnerabilities. Having the latest firewalls and Intrusion Detection Systems will not protect your organization if they (or the services behind it) are not kept up-to-date and configured correctly.
This means that verifying the security of your systems is not something you can do just once, nor should you check it only every now and then. New vulnerabilities are identified every day, exploits become available soon afterwards, and every change in your systems' configurations, however small, may open up new vulnerabilities. Having audited last week does not imply your systems are fine today!
The WatchMouse Periodic Vulnerability Scan is an affordable way to routinely check your company’s security exposure. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse identifies any security risks and provides you with the peace of mind that your web applications are being scrutinized from the perspective of a possible attacker.
Characteristics
WatchMouse offers Periodic Vulnerability Scanning with an external - hacker's - view, with the following characteristics:
- Currently over 20,000 vulnerabilities are checked. Checks for new vulnerabilities are added on a daily basis.
- The frequency and the intensity of a scan can be tailored to your policies, and implemented immediately on our self-service website.
- Severe vulnerabilities can, depending on your preferences, initiate SMS (text) or paging alerts, giving you, or your webmasters, the opportunity to react quickly in case of new vulnerabilities.
- Extensive reporting is available for each scan, including pointers on how to fix vulnerabilities.
- WatchMouse's unique Vulnerability Scan Customer Console allows you to manage subsequent scans by inspecting differential reports and open issues, declaring vulnerabilities fixed, adding operator comments, etc.
Try now: Free 10 day trial!
WatchMouse Public Status Pages: your own public website health page in two clicks! (2009-08-19)
Today we move the WatchMouse Public Status Pages (WMPSP) out of beta, making them available for all WatchMouse customers free of charge!
What is a Public Status Page?
A public status page is a web page that informs your customers about the status of your services, inspired by similar pages from many organisations like Amazon, Apple and Google, but also ISPs, financial institutions and other organisations that deliver critical services to other companies or the general public. Well-known examples are:
- The Amazon web services Health Dashboard
- Apple MobileMe support (top right corner)
- Google Apps Dashboard
- Nationwide (a UK bank) service page
- The WatchMouse Status Page and our Monitoring stations status (yes, we eat our own dog food)
Should my organization have a Public Status Page?
There is a strong trend to inform customers as soon as possible when certain services become unavailable, and announce maintenance well in advance. If you would like to provide your customers a dedicated status page for the on-line services you provide to them, WMPSP is a very efficient and cost-effective solution for your organisation. You can have a Public Status Page set up in minutes by creating one or more rules in your WatchMouse account, set up a public folder, and move these rules into this folder. Using the WMPSP setting page you can post announcements, annotate current issues, and optionally set up a special host name (CNAME) so people can access the status page using your domain name, e.g. status.yourdomain.com.
How does it work?
After you have set up a public folder with monitoring rules in your account, the status of these rules will be pushed to http://status.watchmouse.com/NNN automatically (where NNN is a unique id for your status page). Make sure the settings of the rules, and especially the timers for the performance thresholds, are according to your standards / SLA. You may want to have a similar set of rules with stricter thresholds for internal use, so you will get notified well before your Public Status Page is updated. Note that you can have your own host name as well, i.e. status.yourdomain.com instead of http://status.watchmouse.com/NNN
Whenever there is a performance or availability issue, you can annotate this in your WatchMouse account and this information (e.g. "our technicians are working on a solution, expected to be available at 16:00") will be pushed to the WMPSP as well. Similarly, you can announce maintenance or downtime in the same procedure and this will be listed in the announcement section of your Public Status Page.
All Public Status Pages are hosted on the Amazon web services infrastructure, making them independent of your own servers' availability and ensuring very high availability and scalability.
Get started now!
- Log in to your account and go to the standard rule settings page
- Create a new rule folder for each WMPSP you would like to set up, and create rules within those folders that are representative of the availability of your main services.
- Go to the WMPSP setting page and click the [add] button, and select a folder you created in the previous step.
- Optionally you can also add a host name within your own domain in the CNAME field. Note that you have to add a CNAME record to your DNS for this host name pointing to status.watchmouse.com.
- Click [make public] and you're done! Note that it might take a minute or two before the status page is actually available, since the data has to be transferred to the Amazon AWS platform first.
- Test your WMPSP by clicking on the Name and/or CNAME links in the public folder listing. Observe that each rule has its own detail page which looks like this: WMPSP for the WatchMouse web site
- Note that the name and logo shown can be changed in your account details
- Next you can add announcements to your WMPSP in case you have scheduled maintenance for one or more services, or when actual issues arise and you would like to update your customers about the progress in fixing them.
Press releases
WatchMouse Launches API-status.com (2010-01-20)
New Site Monitors and Measures Uptime of 26 Popular API and Cloud Services Websites; Report Reveals Amazon, Google and Yahoo Among the Best and Vimeo, foursquare and Yammer Among the Worst Performers
WatchMouse, a global industry leader in self-service website and application performance monitoring, announced the launch today of API-status.com, a new dedicated website for monitoring and measuring the real time availability and performance of the public APIs of 26 heavily trafficked, popular “cloud computing” mega web services including: Google Search, Google Maps, Bing, Facebook, Twitter, SalesForce, YouTube, Amazon, eBay, PayPal, Wikipedia and others.
API-status.com does a call and check for a valid result on each of the APIs, and if the result is wrong or is received after four seconds, it is noted as an error and unavailable. The percentage of availability or uptime is based on the number of errors reported; details on API-status.com include a seven-day history along with a 24-hour glance and performance indication by country.
"Nearly all websites nowadays include information from online security monitor sources such as maps or social media feeds. It impacts millions of websites worldwide if these services and systems are slow or down and can invoke a global domino effect of breakages and slowness," states Mark Pors, CTO and co-founder of WatchMouse. "The four-second limit on the response time may seem strict, but it is actually a long time, especially when the (mash-up) sites need to do multiple API calls to present a complete page to the visitor."
According to a recent report produced by Forrester Research and Akamai, two seconds was revealed as the new threshold of acceptability for e-commerce web page response times.
30-Day Report Card and Methodology
WatchMouse monitored the availability of 26 API/cloud web services during the period of December 16, 2009 to January 16, 2010. The results found that Yammer API had the lowest availability with 96.06 percent uptime and Amazon, Google Maps, Google Search, last.fm, and Yahoo Maps with the highest availability with 100 percent uptime. In accordance with industry standards, availability of greater than or equal to 99.9 percent is regarded as "good" while anything below 99 percent is regarded as "poor" site uptime. The methodology for testing the sites includes one simple API call and check for a valid result. This typically means an authentication action for most APIs, including a login, followed by a search or listing action, plus a check of the expected result action. The expected result can immediately return as an error or if the expected result action is reported after four seconds, it is also logged as an error. These errors are used to create the percentage of availability or uptime for each of the sites. Each site is checked in real time using the WatchMouse Public Status Pages tool, which can be used to measure and report the availability of any public website. Companies use the tool, which is hosted on the Amazon platform to inform customers and report publicly on the status of their services.
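The check rule and uptime percentage described in this methodology, as an added Python example that is not WatchMouse's code. The record fields, function names and sample checks are constructed for illustration, and treating a response at exactly four seconds as on time is an assumption drawn from the wording "after four seconds".

```python
from collections import defaultdict

TIMEOUT_S = 4.0   # response-time limit stated in the press release
GOOD_PCT = 99.9   # availability >= 99.9 percent is regarded as "good"
POOR_PCT = 99.0   # availability below 99 percent is regarded as "poor"


def is_error(valid_result, seconds):
    """A check is an error if the result is wrong or arrives after 4 s."""
    return (not valid_result) or seconds > TIMEOUT_S


def availability(checks):
    """Percentage of checks that were not errors; None if there are none."""
    checks = list(checks)
    if not checks:
        return None
    errors = sum(is_error(c["valid"], c["seconds"]) for c in checks)
    return 100.0 * (len(checks) - errors) / len(checks)


def by_country(checks):
    """Availability per monitoring-station country."""
    groups = defaultdict(list)
    for c in checks:
        groups[c["country"]].append(c)
    return {country: availability(group) for country, group in groups.items()}


def rate(pct):
    """Map an availability percentage to the labels quoted in the release."""
    if pct is None:
        return "no data"
    if pct >= GOOD_PCT:
        return "good"
    if pct < POOR_PCT:
        return "poor"
    return "unrated"  # the page names no label for the 99.0 to 99.9 band


# Constructed sample checks (hypothetical field names and values).
SAMPLE = [
    {"country": "NL", "valid": True,  "seconds": 0.8},
    {"country": "NL", "valid": True,  "seconds": 4.0},  # at the limit: on time
    {"country": "US", "valid": True,  "seconds": 4.7},  # valid result, but late
    {"country": "US", "valid": False, "seconds": 0.3},  # fast, but wrong result
    {"country": "US", "valid": True,  "seconds": 1.2},
]

if __name__ == "__main__":
    overall = availability(SAMPLE)
    print(f"overall: {overall:.2f}% ({rate(overall)})")
    for country, pct in sorted(by_country(SAMPLE).items()):
        print(f"{country}: {pct:.2f}% ({rate(pct)})")
```

A valid but late response and a fast but wrong response count the same way, so a slow dependency lowers the reported uptime even when it never returns an error.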
Click here to read the full report of all 26 website services uptime or visit www.API-status.com for real time status and statistical data on each website.
About APIs
An application programming interface (API) is a set of data structures, protocols, routines and tools for accessing a web-based software application. The practice of publishing APIs allows web communities to create an open architecture for sharing content and data between communities and applications. Content that is created in one place can then be dynamically retrieved, posted and/or updated in multiple locations on the Web.
About WatchMouse
Founded in 2002, WatchMouse is a global industry leader in self-service website and application performance monitoring. WatchMouse product tests the behavior and availability of websites, services and applications utilizing an infrastructure that includes 42 worldwide remote monitoring stations in 26 countries. Advanced remote monitoring helps eliminate website downtime, allows issues to be identified and resolved quickly and guarantees peace of mind that your website has been thoroughly and externally tested from the user’s perspective. WatchMouse’s web-based products are easily deployed and offer many features including: extensive reporting tools, root cause analysis, automated email and text/SMS alerts. WatchMouse supports Philips, ING, VeriSign and other leading global companies who depend on WatchMouse to provide independent confirmation of both in-house and suppliers’ website performance. WatchMouse is a privately held company headquartered in Utrecht, The Netherlands. Learn more at http://www.watchmouse.com.
Testimonials
WatchMouse Periodic Vulnerability Scanning has enabled us... (2010-01-13)
WatchMouse Periodic Vulnerability Scanning has enabled us to overcome the time consuming task of managing monitoring internally. The removal of all duplicate findings and neat presentation in the WatchMouse Customer Console further reduces the time Lectric Webservices has to spend on maintaining secure systems.
General Manager, LECTRIC Webservices
Columns
Flu Jab Your Website Against The Pandemic: 6,000 Infected Webpages Per Day! (2008-02-18)
The respected IT news website, The Register reports that every 14 seconds a web page is infected, which amounts to 6,000 infected web pages per day. Four out of five of these infections come from innocent companies and individuals who are oblivious to their site being hacked and subsequently used for hosting the malware of virus writers. The Register further reports that in the past viruses were spread using infected e-mail. Nowadays, however, the favoured virus distribution methods are downloads from compromised sites. As a result of these booby-trapped sites malware is present on at least one in every ten web pages.
WatchMouse's Periodic Vulnerability Scanning offers your website the flu jab against this virus pandemic. WatchMouse's Periodic Vulnerability Scanning is an affordable way to routinely check your company's security exposure and eliminate the online security monitor of manual audits. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse identifies any security risks and provides you with peace of mind that your software applications are being scanned from the perspective of a hacker, external to your organization.
To ensure your website and servers are checked for the latest issues, WatchMouse's Periodic Vulnerability Scanning performs over 20,000 checks for known vulnerabilities and security exposures, using a database which is updated daily by multiple accredited organizations including CVE (funded by the US government) and Bugtraq. Following the detection of any severe issues, automated, real-time email, SMS and pager alerts give your business the chance to react quickly. Scans can be scheduled during low usage or maintenance hours and set at an intensity and frequency suited to your business needs and budget.
To obtain a free Periodic Vulnerability Scanning trial visit: www.watchmouse.com/online security monitor_scan_trial.php
The Register's article was published on 23.01.08 and can be viewed at: www.theregister.co.uk/2008/01/23/booby_trapped_web_botnet_menace/
Security news
phpDirectorySource SQL Injection and Cross Site Scripting Vulnerabilities (2009-07-24)
phpDirectorySource is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
IBM Tivoli Identity Manager Session Fixation Vulnerability (2009-07-24)
IBM Tivoli Identity Manager is prone to a session-fixation vulnerability. Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.
Tivoli Identity Manager 5.0 is affected.
RaidenHTTPD Cross Site Scripting and Local File Include Vulnerabilities (2009-07-24)
RaidenHTTPD is prone to local file-include and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. These issues affect the WebAdmin component. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Exploiting the local file-include issue allows remote attackers to view and subsequently execute local files within the context of the webserver process.
RaidenHTTPD 2.0 build 26 and prior versions are affected.
PowerDNS Recursor Buffer Overflow Vulnerability (2010-01-09)
PowerDNS is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a fixed-length buffer. Successfully exploiting this issue allows a remote attacker to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer. Failed exploits will cause a denial of service.
8E6 R3000 Internet Filter Multiple Cross-Site Scripting Vulnerabilities (2007-05-29)
The 8E6 R3000 Internet Filter appliance is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Specific information on affected firmware and model number is currently unavailable. This BID will be updated as more information emerges.

