Reliable weekly pdf and hello Sydney!
05 September 2021
Besides basic maintenance and bug fixes, not much happened during the summer. But now holidays are over and development has fully started again.
Today’s weekly report will be sent with Sendgrid instead of directly from the ShadowTrackr server. It is becoming harder and harder to run a mailing without having your server occasionally blocked. It is possible, but it takes a lot of time that is better invested elsewhere. After a second client complained about not receiving the weekly, the decision was made. If this first run is a success, we’ll be moving mail notifications to Sendgrid as well. Please send a message if your weekly pdf is not in your mailbox on Monday morning.
Certificate scans are running great with the new engine and we hope to start scanning TLS certificates on more ports soon. But capacity has been an issue. The number of clients has been growing, and some have lots of certificates to scan. Even after optimisations the scanning nodes could not keep up. That means time to throw more hardware at it and a chance to add a new scan location: Sydney. The new location might result in existing clients detecting more cloud endpoints if you have services with a global profile on Azure or Amazon (which is good, of course).
New TLS certificate scanner
21 June 2021
ShadowTrackr has been using the SSLLabs engine to scan certificates for a few years now. This has been performing consistently well until a few weeks ago.
First, performance started to drop. Then errors started appearing. Then, the errors (mostly false positives on trust issues) went away, but performance was still bad. Next, some errors reappeared.
We strive to provide you a good service and could no longer do this with the SSLLabs engine. This weekend, the engine got swapped with a new one that is running entirely on our own servers. The SSLLabs grading scheme is still the best out there that we know of, so we do stick to that. And most of the other options are the same as well, including the reports.
Since we run the scans from our own servers now, more options are opening up. These will require some time to implement, but expect scans of certificates running on mail servers and other ports and some extra security checks somewhere in the next few months.
For now, all certificates have to be rescanned and we’ll likely have some fine-tuning to do. You might see fewer certificates in today’s weekly pdf due to this.
Improved software detection
30 May 2021
The new port scanner module has been released to production this week. It’s better at port scanning and at preventing trigger-happy firewalls from messing up the scan results. Besides this, it also has options to determine the actual software running on some common ports. Often the new scanner is able to detect which version is running too.
Most of you will be familiar with the software report showing you what software you expose to the internet and if any CVEs are known for that software. Up until now these results were based on website scans only. With this update, software found on other ports is added and you’ll have a more complete view of your attack surface.
To support searching software better we’ve also introduced the search options asset.software and host.software in addition to website.software. Clicking through from the software report page automatically uses assets.software to make sure you find all relevant results.
So, if you have new critical or high vulnerabilities in your weekly report, you now know where they come from.