Gal Shpantzer, friend of the blog, fellow blogger, and a writer for CSO Online asked us to bring some attention to a worthy cause. As part of his talk at Security B-Sides Boston in Cambridge, MA, he will partake in certain unabashed activities for each monetary contribution threshold reached for Hackers for Charity.
Tag: "google hacking"
We have been continuing to play around with the SHODAN Computer Search Engine after first looking at it last week. We continue to identify a variety of devices we sometimes note on security engagements (although usually on internal networks) that: should not be externally accessible and are either still using factory default credentials or are not using any credentials to access administrative interfaces. Accessing the administrative panels of these devices would allow a bad actor to further compromise the organization running the device on its network. We can quantify that we are seeing results not just for poorly configured home offices or small businesses, but large and medium businesses who would experience significant negative effects when breached or their devices tampered with. We’ll continue to blog about our findings until we get bored with it. Today’s search demonstrates how we found a few hundred accessible interfaces for IP Camera DVR surveillance systems.
IT Administrators responsible for the servers whose listening services are showing up in the search results of the new SHODAN Computer Search Engine should pray that the ethical restrictions of those ‘shodanning’ (googling counterpart?) or searching remain intact. Or better start the implementation of countermeasures (close unnecessary ports, etc).