What if someone changes the bank account on your website?

You can now monitor this and get alerts pushed to your phone. Technically, it's a rather simple thing. But functionally it's quite useful. If you're afraid someone hacks your website and changes the bank account you have published there, you are now covered.

This traps works for any text that has to be present on the website. So you can monitor for a change in the contact email address by just specifiying the urls and the email address, and you'll get notified when the email address disappears.

Besides monitoring for a specific text, you can also get notified for any change on the website (including layout changes), or if the website is not available due to some error. You can enter any website under the tab events in traps. It doesn't have to be for a domain that you've registered under assets.

New: Phishy domain tracking

Yes, I still see things I can improve on current functionality, and yes, I'll keep working on that. But sometimes you just have to indulge yourself. So, I've just added phishy domain tracking to ShadowTrackr.

A phishy domain is a domain that looks similar enough to one of your domains for it to be used in phishing attempts. That is, someone is pretending to be you and phishing your clients. I've been testing several algorithms to generate phishy domains and settled on a combination that seemed to work well.

The number of phishy domain candidates generated per url can vary between 1 and more than 1000 (it's shown on the url page). This number depends on the domain length, top level domain and characters used. All candidates are tracked and for those domains responding the information is shown in the new phishy domain report (rather obviously found under "reports"). You can quickly see if it's harmless (because it's redirected to the original) or click through to more detailed information like mailservers, nameserver and website similarity percentages that will help you determine if it's malicious. Of course, you'll get notifications when likely phishy domains are found.

Although I've been testing for a few weeks with this, I expect there's still a lot to be learned about tracking phishy domains and I'll be revisiting this subject.

SSL certificate reports page

Besides fixing the bugs that come with a major update, I've also been working on some minor improvements. Nothing really fancy, just more consistent checks and better, more specific messages. For instance if the host name on the certificate does not match, ShadowTrackr not only shows the error message but also the common names the certificate is actually issued for. This is the first thing I want to know when I see this error, and I guess most of you too.

The biggest change has been on the certificates reports page. Up until this weekend there was a separate Bleichenbacher/ROBOT report page. It showed wich certificates on which urls where vulnerable. The overview was nice, but why stop there? You'll also want to know about Ticketbleed, DROWN, and all the other SSL vulnerabilities right? So, the separate Bleichenbacher page is now gone. Any certificates vulnerable to this and other attacks are explicitly shown on the certificate report page. Nothing there? That means you're good :-)

Monitoring is now done separately for each url on each endpoint (instead of just the url like before). So if the same certificate appears on an ipv4 and ipv6 address, it will appear twice in the list with the ip shown next to the url. Most of the vulnerabilities you can have are related to the server anyway and not the certificate itself, so this provides a more accurate overview.

Although these are small steps, I hope you enjoy the improvements.