Shodan: The Search Engine that tells secrets
Tuesday, April 9, 2013
Richard Harris |
Shodan is a search engine that doesn't crawl the web looking for content, it crawls looking for exploits. You heard me, places that have default passwords on servers, or routers, open web cams, printers that are connected without any security - that sort of stuff. Scared yet?
Read more: http://money.cnn.com/2013/04/08/technology/securit...
What does this mean to you? It means you can search for just about anything that you think is exploited, it's kinda fun at first then turns to a frightening reality when you realize you might have something hanging on the web wire that could be exploited too! Most developers have servers of some sort, or an internet appliance, this is a great way to check your IP or devices to see if there are potential security problems you might not know about.
It's pretty scary what is out there, Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.
"You can log into just about half of the Internet with a default password," said HD Moore, chief security officer of Rapid 7, who operates a private version of a Shodan-like database for his own research purposes. "It's a massive security failure."
Developers can also use their API to connect their own apps to the Shodan database of exploits and back-doors if they like, which opens the door up to all kinds of mischief I'm sure.
Read more: http://money.cnn.com/2013/04/08/technology/securit...
Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.
MEMBERS GET ACCESS TO
- - Exclusive content from leaders in the industry
- - Q&A articles from industry leaders
- - Tips and tricks from the most successful developers weekly
- - Monthly issues, including all 90+ back-issues since 2012
- - Event discounts and early-bird signups
- - Gain insight from top achievers in the app store
- - Learn what tools to use, what SDK's to use, and more
Subscribe here