Blog Posts Tagged with "Shodan"

E376ca757c1ebdfbca96615bf71247bb

Network Surveillance Devices Discovered via Shodan

September 20, 2012 Added by:shawn merdinger

It’s no secret that Shodan has turned up some interesting findings over the years. Now, we can add surveillance devices like BlueCoat Proxy and PacketShaper boxes, Cisco routers running Lawful Intercept code and various vendors’ CALEA Mediation Devices to what savvy researchers can find...

Comments  (1)

E376ca757c1ebdfbca96615bf71247bb

Shodan: There is Now an App for That

July 11, 2012 Added by:shawn merdinger

Since October, 2010, Shodan has consistently made waves in the information security world. Like any security tool, Shodan can be leveraged by both malicious attackers and legitimate security operations to gain insights into the public IP exposure of an organization. Now enters the Shodan App...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Control System Internet Accessibility

June 25, 2012 Added by:Infosec Island Admin

ICS-CERT is tracking and has responded to multiple reports of researchers using SHODAN, Every Routable IP Project (ERIPP), Google, and other search engines to discover Internet facing control systems. ICS-CERT has identified system owners and operators to notify them of their potential vulnerability...

Comments  (0)

7d55c20d433dd60022642d3ab77b8efb

Companies Exposing Critical SAP Services to the Internet

June 19, 2012 Added by:Alexander Polyakov

For example, 212 SAP Routers were found in Germany which were created mainly to route access to internal SAP systems. SAP Routers themselves can have security misconfigurations, but the real problem is that 8% of the companies expose SAP Dispatcher services directly to the Internet, circumventing the SAP Router...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Increasing Threat to Industrial Control Systems

March 21, 2012 Added by:Infosec Island Admin

ICS-CERT is monitoring an increase in a combination of threats that increase the risk of control systems attacks. These include Internet accessible ICS configurations, vulnerability and exploit tool releases, and increased interest and activity by hacktivist groups and others...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Exploit Tool Releases for ICS Devices Advisory

February 16, 2012 Added by:Headlines

Security researchers and others have released tools exploiting ICS vulnerabilities. These targeted exploits are readily available through various tools and from exploit developers. Multiple threat elements are combining to significantly increase the ICS threat landscape...

Comments  (0)

94ae16c30d35ee7345f3235dfb11113c

10,358 Industrial Control Systems Connected to the Internet

January 27, 2012 Added by:Joel Harding

Hackers rely upon human error to allow them to penetrate many systems because systems administrators fail to secure their systems. Many of the owners of the systems were not even aware their system was hooked up to the internet. This should be cause for alarm...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

Symantec: Chinese Connection to Attacks on Defense Contractors

January 27, 2012 Added by:Headlines

The data Symantec published reinforces evidence from an earlier investigation conducted by AlienVault, which described an orchestrated sprear-phishing campaign most likely targeting information on US drone technology which utilized malware-infected PDF documents to deliver the Sykipot payload...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Cyberwar Comes to a Mall in Fresno? Not so Much...

January 24, 2012 Added by:Infosec Island Admin

A Pastebin dump alleged to be from Anonymous has forty-nine IP addresses with SCADA systems on them. Furthermore, those systems were claimed to not have any authentication on them whatsoever. I checked the IP’s and I have to say “meh” on this little dump by the skiddies...

Comments  (5)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Multiple PLC Zero-Day Vulnerabilities

January 24, 2012 Added by:Headlines

The vulnerabilities purportedly include buffer overflows, backdoors, weak authentication and encryption, and other vulnerabilities that could allow an attacker to take control of the device and interfere or halt the process it controls...

Comments  (0)

5cbe1364caf51f95cac6484a832d66d0

More Exposure to SCADA Devices Through Shodan

January 22, 2012 Added by:Bob Radvanovsky

Wile I am certain that the majority of this membership knows what Shodan is, honestly, it represents slightly more than an automated port scanner reporting back on some of the more common open ports (HTTP, SNMP, telnet) that appear to be pingable throughout the Internet...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Control System Internet Accessibility Advisory

January 09, 2012 Added by:Headlines

The use of readily available and generally free search tools significantly reduces time and resources required to identify Internet facing control systems. In turn, hackers can use these tools to easily identify exposed control systems, posing an increased risk of attack...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT Warns Facilities of Exposure via SHODAN

December 12, 2011 Added by:Headlines

"The use of readily available and generally free search tools significantly reduces time and resources required to identify Internet facing control systems. In turn, hackers can use these tools to easily identify exposed control systems, posing an increased risk of attack..."

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

The FUD Files: Cyber Attacks on Our Water Systems

November 20, 2011 Added by:Infosec Island Admin

Sure, the vulnerable system was online for anyone to hit up AND it was in such an un-secured state that pretty much anyone with a pulse could have messed with it. However, The FUD response from the government and the media will be the real disaster that will cause the most damage...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

Stuxnet, SCADA, Nation State Terrorism and FUD

October 13, 2011 Added by:Infosec Island Admin

With the advent of the “smart” grid, this might in fact make it easier to have a larger percentage of failure within the system itself. Everything being tied together this way and monitored will only serve to make the system more susceptible to a single point of failure...

Comments  (2)

91648658a3e987ddb81913b06dbdc57a

Using SHODAN to Identify "SysiLeaks"

December 14, 2010 Added by:Ron Baklarz

What little hair I have was immediately set afire in considering the possibilities for system exploitation as the result of this website and it search capabilities. I ran a few searches on my own domain to ascertain if I had any gaping holes with my own systems...

Comments  (1)