http://praetorianprefect.com Information security, a little slower...a little deeper Fri, 16 Mar 2012 05:46:23 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 http://praetorianprefect.com/archives/2009/12/shodan-cracking-ip-surveillance-dvr/ http://praetorianprefect.com/archives/2009/12/shodan-cracking-ip-surveillance-dvr/#comments Thu, 03 Dec 2009 01:03:21 +0000 Prefect http://praetorianprefect.com/?p=1881 after first looking at it last week. We continue to identify a variety of devices we sometimes note on security engagements (although usually on internal networks) that: should not be externally accessible and are either still using factory default credentials or are not using any credentials to access administrative interfaces. Accessing the administrative panels of these devices would allow a bad actor to further compromise the organization running the device on its network. We can quantify that we are seeing results not just for poorly configured home offices or small businesses, but large and medium businesses who would experience significant negative effects when breached or their devices tampered with. We'll continue to blog about our findings until we get bored with it. Today's search demonstrates how we found a few hundred accessible interfaces for IP Camera DVR surveillance systems.]]> http://praetorianprefect.com/archives/2009/12/shodan-cracking-ip-surveillance-dvr/feed/ 3 http://praetorianprefect.com/archives/2009/11/youve-been-shodand/ http://praetorianprefect.com/archives/2009/11/youve-been-shodand/#comments Thu, 26 Nov 2009 00:14:23 +0000 Prefect http://praetorianprefect.com/?p=1781 SHODAN Computer Search Engine should pray that the ethical restrictions of those ‘shodanning’ (googling counterpart?) or searching remain intact. Or better start the implementation of countermeasures (close unnecessary ports, etc).]]> http://praetorianprefect.com/archives/2009/11/youve-been-shodand/feed/ 2