Better weekly pdf reports

The weekly pdf reports have been available for a while. You could even already subscribe and get them by email. This option wasn't really promoted because, to be honest, the reports were quite boring. The good news is, that has been fixed!

The first page of the new weekly report now has fancy colored donut charts that will give you an instant overview of how many assets you have and how big your problems are. There is also a graph showing how your events are distributed over the week. Critical alerts now have a colored icon showing how critical it is, just like on your timeline. And ip addresses and urls for blacklisted items, new assets and most active assets are now clickable. The links will take you straight to the source of the information in de webversion of ShadowTrackr.

Although this is a big improvement, it's not yet done. The last part of the report is still much like it was before, and traps and keywords are not properly reported. This is still a work in progress, I'll keep you updated.

Website security grade

After last week's blunder things could only get better. And they do this week. So far the website security checks that Shadowtrackr did were not mature enough. I always wanted some sort of easy to grasp grade like SSLLabs has for certificates. After looking around for a while I settled on the Mozilla Observatory grading system.

It has a similar grading scheme too SSLLabs and does proper security checks. Some other ratings systems, like internet.nl, are less focused on security. Don't get me wrong, I fully support the internet.nl checks, but I just don't think that if your hosting provider's nameserver is not reachable over ipv6 this should cost you security points. I'd rather have a good CSP to protect against XSS attacks.

The scoring on the CSP part is, for now, quite brutal to be honest. A CSP that allows unsafe-inline will cost you about 20 points, which caps your grade at a B+. This means ShadowTrackr will show it as a warning (orange). Al lot of orange and red will show up. Interpret these as your opportunities to really improve website security :-)

The grades are added to the website report. If you click the website link frmo the report, you can see on the website page what tests were done and how your grade is calculated.

Better keyword monitoring and a failed Friday update

As some of you may have noticed, there was an update. On Friday. Late in the afternoon. Despite knowing the jokes about this, I did it anyway and it failed. Throughout the week there are numerous tiny updates that you'll hardly notice. The bigger updates are usually done in the weekend, and only after they have been running successfully in test for a while. This update was running ok in test, but the test was obviously not complete enough. The decision of how much to test is always hard. No one wants to unnecessarily slow down development.

The update
Well, up until now keywords where matched as whole words. This means there are spaces (or tabs, or new lines) around them. If you entered something between quotes, like "@shadowtrackr.com", this would find Shadowtrackr email addresses in passworddumps. But if you just had a surname (without quotes) this would be missed in passworddumps. The surname would likely be prefixed with a '.' (behind the first name) and postfixed with a '@'. No match. That has changed now. Shadowtrackr matches a word between any non-letter and non-number character now.

In some cases you might want to detect a partial match, like sub in subdomain. On the traps page for your keyword you can check the box "match partial keyword" for this.

What went wrong?
When you have multiple keywords in a trap, they should all occur before a notification is send. With this new algorithm, this went wrong. Any of the keywords now was enough. To make things worse, the update set the default state for "match partial keyword" to on. This resulted in way more notifications than you'd be happy with.

The problem only lasted for about half an hour, but you can get an amazing amount of notifications in that time. I myself got about a thousand of them. My sincere apologies to you all, I'll be more careful with updates.