Author Topic: Search for Devices - Then Pown them...  (Read 2411 times)

Renegade

Search for Devices - Then Pown them...
« on: August 16, 2013, 11:42 AM »
I subscribe to Tinman's newsletter, and in it he had this article:

http://www.techhive....leeping-toddler.html

EXTREMELY creepy. It gets worse... linking from there I find this:

http://www.shodanhq.com/

A search engine to find devices that you can then try to exploit.

Good grief. It's been around for 2 years.

If you're not scared, then 1 of 3 things:

  • You're a competent IT pro and have hardened your system
  • You didn't understand any of the above (no shame in ignorance)
  • You're an idiot (lots of shame in willful ignorance)

The amount of open information out there is just astounding.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz

Re: Search for Devices - Then Pown them...
« Reply #1 on: August 16, 2013, 11:58 AM »
I'd like to flatter myself that I fit into category A.

That said, it's still a major concern for IT pros. You can harden a network till the cows come home. All it takes is one careless user, or a small configuration mistake, or a software bug and it's all for naught.

And yeah, info from shodanhq has been on our radar screens since it went public back around 2010.

But that's not the scary part. The scary part is that it's sure as certainty there are other unpublicized darkhat sites that are also doing this - plus a whole lot more - as even a quick visit to the deepweb will show.


ewemoa

Re: Search for Devices - Then Pown them...
« Reply #2 on: August 17, 2013, 01:29 AM »
Am reminded of the following quotes from Joe Armstrong (of Erlang):

It was during this conference that we realised that the work we were doing on Erlang was very different from a lot of mainstream work in telecommunications programming. Our major concern at the time was with detecting and recovering from errors. I remember Mike, Robert and I having great fun asking the same question over and over again: "what happens if it fails?" -- the answer we got was almost always a variant on "our model assumes no failures." We seemed to be the only people in the world designing a system that could recover from software failures.

We can't stop our systems and globally check they are consistent and then relaunch them. We incrementally change bits and we recognize that they are inconsistent under short time periods and we live with that. Finding ways of living with failure, making systems that work, despite the fact they are inconsistent, despite the fact that failures occur. So our error models are very sophisticated.

When I see things like Scala or I see on the net there's this kind of "Erlang-like semantics", that usually means mailboxes and message boxes. It doesn't mean all the error handling, it doesn't mean the live code upgrade. The live upgrade of code while you are running a system needs a lot of deep plumbing under the counter -- it's not easy.