Shodan
Posted: Tue Jan 26, 2016 4:50 pm
Although it has been around for several years, Shodan is just now making its way into the broader public. According to its own description, it is "the world's first search engine for Internet-connected devices". In other words, any device which receives an IP address may be cataloged in Shodan's engine, including iPhones, web-connected baby monitors, home security systems, etc., all of which are searchable via Shodan...as well as viewable in real time. According to this article from Vocativ, the author(s) were able to set up a free account, search for home cameras, then view images from the insides of people's houses, including the ability to pan the camera, in only a few minutes. Most of the devices reachable via Shodan are not password protected or have really weak passwords like 'admin', 'password', '123456', or any of the others from often-published lists of "most-used passwords". In short, most people are stupid when it comes to security.
My password for our network at the house is 17 characters, alpha/numeric/symbolic, and is not found in any dictionary; even the most intense brute force cracking attempts would take billions of centuries to hack such a password. The number one key to password security is length--the password "k1ttYk4t!!!!!!!!!!!" is more secure than "f8N9)$h2wo_z6Fv" because the first password is 19 characters long and the second is only 15 characters long even though the first one isn't as "complex".
Anyway...most people and businesses are still stupid when it comes to Internet connectivity and security--their devices are cataloged in this search engine for anyone to use. Am I going to sign up for a free account on Shodan? Yes, of course I will. Am I going to look for connected yet unprotected devices? Yes, I will probably do so for a lark but I am not going to get seriously into it.