Server Vulnerability Monitor

Redesigned WatchMouse site and new product plans (2009-12-24)

We’re pleased to announce the redesign and launch of www.watchmouse.com. The new site is faster, more responsive and designed to be much more intuitive. Don't take our word for it though, try it yourself and let us know what you think!

The changes:

• Clean, task-oriented design
• Faster page loads
• Improved main console for a better overview of your monitors and better access to the monitoring details
• New "dashboards" featuring related, grouped information and tasks
• A new dashboard selector on every page after you log in, just below the search field

We’ve also introduced chat support. You can now chat directly on the site whenever the support team is online (normally 8 AM to 8 PM Central European Time or GMT+1).

Stay tuned for even more usability improvements and additional features coming up in Q1 of next year!

New Product Plans

You asked and we listened! We’ve received many requests for expanded plans, and also for a slimmed down plan for personal use. Additionally, the functional test (scripts) we introduced last year have become very popular, so we decided to add these tests in all professional packages.

The changes:

• We added functional tests to the Webmaster and Corporate plans, plus a one-minute monitor in the Corporate plan - all at the same price
• Two new professional plans have been added: the Enterprise Plan with 100 monitors (including 20 functional tests) and the Multi-Site Plan
• The Gold Plan that included 10-minute monitors only, has been discontinued, however current customers can still continue to use this package
• All Professional Plans now include complementary vulnerability scans to verify that your site and server is safe
• Lastly, we added the Personal Plan, a cost-effective plan for small sites, and we beefed up the free, Lite Plan so it now checks at 20-minute intervals

Full details can be found at: http://www.watchmouse.com/compare_plans.php

Take a look at the new WatchMouse website and give us your feedback. Bear in mind we’re still adding content and polishing the edges, but we'd be delighted to hear your thoughts and comments!

Happy holidays!

Stan P. van de Burgt

CEO

WatchMouse

P.S. You may find an occasional English word in the non-English sites. Please note that these will be replaced within the next few days.

TimeTools NTP Time Server Syslog Monitor Remote Denial of Service Vulnerability (2009-01-17)

TimeTools NTP Time Server Syslog Monitor is prone to a denial-of-service vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Apple Mac OS X Event Monitor Log Parsing Denial of Service Vulnerability (2009-11-11)

Apple Mac OS X is prone to a denial-of-service vulnerability that affects the Event Monitor component.

Attackers may exploit this issue to cause denial-of-service conditions in services that process the SSH server log data.

NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

This issue affects Mac OS X Server 10.5.8 and prior.

Ethereal SOCKS Dissector Format String Vulnerability (2009-07-12)

A format string vulnerability has been reported in some versions of the SOCKS dissector for Ethereal.

An attacker can exploit this vulnerability by connecting to a vulnerable SOCKS server and sending malicious format string specifiers to the SOCKS server. If Ethereal is being used as a security tool to monitor network packets, it is possible that sensitive memory may be corrupted.

This has been confirmed to result in a denial of service condition. Additionally, it may be possible to cause Ethereal to execute malicious attacker-supplied code.