Developed by John Matherly, Shodan is a search engine designed to help users find certain pieces of software, determine which applications are most popular, identify anonymous FTP servers, or investigate new vulnerabilities and what hosts they could infect.
It also serves as a window into millions of unsecured online connections.
According to an article on CNN Money, Shodan runs nonstop, collecting data from approximately 500 million connected devices and services each month. Through a simple search on Shodan, a user can identify a number of systems that either have no security measures in place or generic passwords that can be hacked easily, leaving countless organizations open to hazardous attacks.
During last year’s DEF CON 20, independent security penetration tester Dan Tentler confirmed a number of unsecured systems he located using Shodan, including a car wash that could be turned on and off remotely, a hockey rink in Denmark that could be defrosted with a click of his mouse, and a traffic control system for an unnamed city that could be put in “test mode” with one command entry.
The biggest security flaw, says Matherly, is that many of these systems should not be connected to the Web, “Of course there’s no security on these things. They don’t belong on the Internet in the first place.” Citing that many systems can be controlled by a computer, IT departments will hook them up to a server, unintentionally making systems and devices available to anyone with an Internet connection.
The most common users on Shodan include security professionals, academic researches and law enforcement agencies. Users without a Shodan account will retrieve up to ten results per search, while account users get 50 results per search. To see everything Shodan can serve up, users are required to give more information about what they want to find and pay a fee.
Matherly admits to CNN Money that Shodan could be used for criminal purposes, but says most cybercriminals have access to botnets that achieve the same results.
Related Topics: Legal: Crawling & Indexing | Legal: Privacy | Legal: Security | Search & Society | Search Engines | Search Engines: Meta Search Engines | Search Features: Safety
About The Author: Amy Gesenhues is Third Door Media's General Assignment Correspondent, and reports on the latest news and updates for Marketing Land and Search Engine Land. From 2009 to 2012, she was an award-winning syndicated columnist for a number of daily newspapers from New York to Texas. With more than ten years of marketing management experience, she has contributed to a variety of traditional and online publications, including MarketingProfs.com, SoftwareCEO.com, and Sales and Marketing Management Magazine. Read more of Amy's articles. See more articles by Amy GesenhuesConnect with the author via: Email | Twitter | Google+ | LinkedIn 
This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.
No comments:
Post a Comment