"SysiLeaks" (pronounced 'sissy leaks') is the exposure of specific system names, IP addresses, configurations, physical locations, and possible lax system security that can be used for exploitation purposes.
I am always looking out for new, interesting, and cost-effective (i.e., cheap) ways to address various INFOSEC issues and have an item to share.
On October 28, 2010, the DHS Industrial Control System - Cyber Emergency Response Team (ICS-CERT) issued ICS-CERT Advisory 10-301-01 "Control System Internet Accessibility".
Specifically, the alert was distributed to report that the SHODAN search engine had been used not only to enumerate Internet-facing SCADA systems but also to identify various specific vulnerabilities associated with these systems.
I took a moment to find out what exactly this SHODAN website was and to my surprise, I discovered a veritable "Google" type of search engine specifically designed to seek out Internet-facing servers, routers, etc. including query capabilities to find systems running specific software versions, those configured with default or no passwords, by geographic locations, etc.
What little hair I have was immediately set afire in considering the possibilities for system exploitation as the result of this website and its search capabilities. I ran a few searches on my own domain to ascertain if I had any gaping holes with my own systems.
And I would advise readers to check out SHODAN for themselves and address any holes they may find before they are exploited.
While the news has been consumed with "wikileaks", we INFOSEC practitioners should be very, very concerned about these "SysiLeaks".
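One way to act on the self-check advised above, as an added example that is not part of the original post: compare what a search engine such as SHODAN has indexed on your own address space against the services you meant to expose. The record fields (`ip_str`, `port`, `transport`, `product`, `version`) follow Shodan's banner JSON; the sample records, the networks, the approved list and the ICS port list are constructed assumptions.

```python
import ipaddress

# Assumption: ports commonly associated with industrial protocols (illustrative, not exhaustive).
ICS_PORTS = {102: "Siemens S7", 502: "Modbus", 20000: "DNP3",
             44818: "EtherNet/IP", 47808: "BACnet"}

def audit_exposure(records, my_networks, approved):
    """Return indexed services on our networks that are not on the approved list.

    records     -- dicts shaped like Shodan banners (ip_str, port, product, version)
    my_networks -- CIDR strings for address space we own
    approved    -- set of (ip, port) pairs that are intentionally Internet-facing
    """
    nets = [ipaddress.ip_network(n) for n in my_networks]
    findings = []
    for rec in records:
        try:
            ip = ipaddress.ip_address(rec["ip_str"])
            port = int(rec["port"])
        except (KeyError, ValueError, TypeError):
            continue  # skip malformed export rows
        if not any(ip in net for net in nets):
            continue  # not our address space
        if (str(ip), port) in approved:
            continue  # exposure is intentional
        findings.append({
            "ip": str(ip),
            "port": port,
            # Control-system protocols reachable from the Internet get top priority.
            "severity": "high" if port in ICS_PORTS else "review",
            "protocol": ICS_PORTS.get(port),
            # A banner that names product and version tells anyone what to look up.
            "discloses_version": bool(rec.get("product") and rec.get("version")),
        })
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["ip"], f["port"]))

# Constructed sample records using documentation address ranges.
SAMPLE = [
    {"ip_str": "192.0.2.10", "port": 443, "transport": "tcp", "product": "nginx", "version": "1.18.0"},
    {"ip_str": "192.0.2.20", "port": 502, "transport": "tcp"},
    {"ip_str": "192.0.2.30", "port": 22, "transport": "tcp", "product": "OpenSSH", "version": "5.3"},
    {"ip_str": "203.0.113.5", "port": 502, "transport": "tcp"},
    {"ip_str": "not-an-ip", "port": 80},
]

if __name__ == "__main__":
    for f in audit_exposure(SAMPLE, ["192.0.2.0/24"], {("192.0.2.10", 443)}):
        print(f)
```

Each finding is either a service to take off the Internet or one to add to the approved list with an owner.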




