Resultados 1 a 5 de 5
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    18,556

    Bullguard/Shodan: Internet of Things Scanner

    Check if your internet-connected devices at home are public on Shodan.

    Shodan is a search engine for the Internet of Things. Shodan allows users to find devices that are publicly accessible on the internet, and which may be vulnerable to hackers.


    http://iotscanner.bullguard.com/

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    18,556
    2 centavos:

    1. O tal Shodan andou enviando spam para dominios que controlo. Sabe lá se andou fuçando em sites também.

    2. Como destacou (reclamou) o chefão da OVH, o problema das torradeiras e chuveiros é que usam IP dinâmico. Espero que o "google dos IoTs" seja esperto o suficiente para não se enrolar em heranças malditas.

  3. #3
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    18,556

    Shodan, la alternativa a Google más peligrosa

    Shodan es un proyecto creado por el experto en seguridad John Matherly, que lo ha definido como “el buscador más aterrador del mundo”. Su nombre procede del tipo de inteligencia artificial malvada del mítico videojuego System Shock.

    Andrea Núñez
    1 octubre, 2016

    Vivimos en un mundo donde, cada vez con mayor incidencia, los dispositivos físicos y sistemas electrónicos están cada vez más conectados entre si debido a la expansión del Internet de las Cosas, una red compleja que permite el intercambio de datos. Estos avances tecnológicos disruptivos han permeado cada aspecto de la vida contemporánea, facilitando y monitorizando numerosas tareas cotidianas relacionadas con el transporte, la salud, el hogar, el bienestar o la industria.

    Además de las múltiples aplicaciones que tiene el Internet de las Cosas para todos los sectores de la vida en general, también surgen ciertas cuestiones de seguridad vinculadas a su aparición. El contexto de la deep web –o la parte de Internet “invisible” hasta 45 veces superior a la información indexada por Google y el resto de buscadores- convencionales- es un terreno peligroso donde puedes localizar cualquier dispositivo.

    Dentro de esta deep web, Shodan se trata de un buscador de direcciones HTTP conectadas a Internet, la mayor parte de las cuales no salen en las búsquedas de Google o similares. Puede definirse como un buscador del Internet de las Cosas, ya que es capaz de localizar frigoríficos, alarmas, cámaras de seguridad, webcams, wearables, y cualquier otro dispositivo conectado.

    Las bases de Shodan, el buscador preferido de los hackers

    Shodan es un motor de búsqueda nacido en 2009 cuyo funcionamiento es similar a Google, aunque aquí finalizan las similitudes. En lugar de indexar el contenido web a través de los puertos 80 (HTTP) o 443 (HTTPS) como lo hace Google, hodan rastrea la Web en busca de dispositivos que responden a otra serie de puertos, incluyendo: 21 (FTP), 22 (SSH), 23 (Telnet), 25 (SMTP), 80, 443, 3389 (RDP) y 5900 (VNC).

    Shodan puede descubrir e indexar prácticamente cualquier dispositivo, entre una amplia gama que abarca webcams, de señalización para vías, routers, firewalls, sistemas de circuito cerrado de televisión, sistemas de control industriales para plantas de energía nuclear, redes eléctricas, electrodomésticos domésticos y mucho más.

    La parte más peligrosa y negativa de esta detección es que todos estos dispositivos se encuentran conectados a Internet sin que sus dueños sean conscientes de los peligros y riesgos a nivel de seguridad, y por tanto, sin contar con la aplicación de medidas protectoras básicas como el nombre de usuario o una contraseña fuerte y robusta.

    La seguridad de los usuarios se tambalea especialmente con las webcams, ya que estas pueden captar imágenes de todo tipo en torno a los domicilios, información personal o rostros de menores.

    Búsqueda en Shodan a través de filtros

    Las cuentas gratuitas en Shodan permiten buscar a través de los siguientes filtros:

    • Country: Permite encapsular la búsqueda reduciéndola a un país especifico.
    • City: Filtro por ciudad.
    • Port: Permite realizar cada búsqueda dependiendo del puerto abierto o el servicio que se este ejecutando,
    • Net: Para buscar una ip especifica o rangos de ip.
    • Hostname: Este filtro sirve para las búsquedas relativas al texto que le indiquemos en la parte de hostname.
    • OS: Según el sistema operativo.


    En el 2012, un investigador de seguridad llamado Dan Tentler demostró cómo fue capaz de utilizar Shodan para encontrar sistemas de control para máquinas, calentadores de agua a presión e incluso puertas de garaje.

    También fue capaz de encontrar una planta hidroeléctrica en Francia, un lavado de coches que podrían ser encendido y apagado de modo remoto y una pista de hockey en Dinamarca que podría haber sido descongelada tan solo con hacer clic de un botón. Incluso encontró todo el sistema de control de tráfico de una ciudad conectado a la red, que podría haberse interrumpido con el uso de determinados comandos.

    La existencia de proyectos como Shodan nos conduce a la reflexión como consumidores y a implementar nuevos mecanismos y medidas de seguridad sobre nuestros wearables, gadgets y demás productos y dispositivos inteligentes.

    http://www.ticbeat.com/tecnologias/s...igrosa-google/

  4. #4
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    18,556

    “el buscador más aterrador del mundo”

    Unsecured database lets hacker expose 58 million plus records from data management firm

    Bradley Barth
    October 13, 2016

    A hacker scanning for unsecured databases was able to compromise at least 58.8 million records – and possibly as many as 258 million – from Modern Business Solutions (MBS), a data management and monetization firm primarily serving the automotive, employment and real-estate industries.

    According to an online report by Risk Based Security (RBS), an individual with the Twitter handle @0x2Taylor doxxed the stolen data twice last weekend on the file-sharing site MEGA – both times it was removed – and then again on a smaller file-sharing website. In a subsequent series of communications with RBS, the perpetrator claimed that the vulnerable MongoDB database was initially discovered by an acquaintance who then shared its IP address with him and other friends.

    @0x2Taylor confirmed to RBS that the original hacker discovered the unprotected, open-source database using the search site Shodan.io. “In our experience, given the size of the database and the fact it was clearly from a MongoDB installation, our researchers immediately suspected Shodan was the tool used to identify the open database. This was later confirmed through conversations with the 0x2Taylor,” said Inga Goddijn, executive vice president and managing director of insurance services at RBS, an in email interview with SCMagazine.com.

    Leaked information included names, IP addresses, birth dates, email addresses, vehicle data and occupations. At first, it was unclear who this data belonged too. However, “Our researchers were able to identify administrative records within the database. This information was used to link ownership to MBS,” explained Goddijn.

    According to RBS, evidence suggests the data may have originated from MBS' cloud-based data management platform, called Hardwell Data, which according to the report allows customers to “collect, store and transfer data records regardless of format…” It is not clear to what extent the stolen data consists of customer records MBS was storing and managing on behalf of its clients, or how much of the data strictly pertains to MBS' own client base. SCMagazine.com has reached out to MBS for comment.

    RBS worked with breach reporting site Databreaches.net to contact MBS and disclose the incident. Although the MBS reportedly did not issue a reply, RBS researchers have determined that the database has since been secured.

    While the initial leaks exposed approximately 58 million records, @0x2Taylor later referenced an additional data set containing 258 million rows of personal data, presented in a format similar to the original leak. RBS was unable to confirm the validity of this additional data table because by then the database had been secured.

    In a blog post today about the breach, security solutions provider Tripwire advised readers to see if their information was stolen by searching their details on the website Have I been Pwned?, which has added data from the MBS hack.

    “Sadly, misconfigured MongoDB databases are all too common,” wrote security researcher Graham Cluley in a Tripwire blog post today about the breach, “and the use of search engines like Shodan has made it easier for hackers to identify internet-connected systems that are unsecured, or revealing themselves online when they should not be visible to the outside world.”

    http://www.scmagazine.com/unsecured-...rticle/548357/

  5. #5
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    18,556

    Meet Shodan, the backdoor to the Internet

    With more than 170 million web services already indexed, Shodan continues to expand the number of devices that can be identified and are creating tools to help people make data-driven decisions.


    Aritra Sarkhel
    July 19, 2016

    Shodan is the search engine for the Internet of Things (IoT) and everything else that Google cannot search. With just a basic search on the internet, you could find the control system of a hydroelectric power plant or traffic control to an entire city. It's a secret gateway to control the world of connected devices.

    Shodan isn't significantly different than a web crawler like Google. Shodan crawlers browse the Internet and when they discover a device, they collect metadata about it.

    While Google crawls for websites. Shodan crawls for devices.

    In an email interview with ETtech, John Matherly, the founder of Shodan, narrated how and why he set up Shodan in 2003. A computer security whizz, Matherly, wanted to develop a software that would let security researches share their results to help analyze Internet at scale. Since it's impossible for a single person to crawl the entirety of the internet for data, Matherly looked at P2P technology as means of crowdsourcing the effort. However, it was impossible to prevent users from submitting false results. Matherly ended up creating a P2P tool that would simply release all the information collected.

    "The original purpose of Shodan was to offer an empirical market research tool for companies to find out who is using their products, where their customers are located and obtain information about their competitors," says Matherly.

    However, online pirates have found Shodan a secret door to critical industrial control systems across the world and used it for many high profile hacks. As it gained visibility, Shodan has drawn a lot of flak from security experts for exposing the vulnerabilities of the IoT devices.

    Matherly shrugs off Shodan's reputation of being a Hacker's search engine by pointing out that theirs is not an anonymous service. "Without logging in, a person can't use search filters and they only see up to 10 results. Even after logging in, they can see only 50 results. Only after they provide payment information, they are able to see more. And we also have numerous other mechanisms in place to prevent abuse and anonymous access," says Matherly.

    In terms of monetising the technology, Shodan benefits from the power to understand the Internet better. "We give full access to our database to more than 50% of the Fortune 100 companies as well as to universities across the world. Not only that, we work with economic groups, such as the OECD, to help policy makers understand the growth of the Internet," says Matherly.

    From 2003, it's been quite a journey for Matherly's Shodan. The search engine's architecture has become larger and more complex. Today they have crawlers located all around the world looking for nearly 300 different services and identifying more than 500 devices every second.

    Information about the billions of devices that Shodan looks at is streamed in real-time to their customers and on the website. "Shodan started off mostly looking at web servers, but nowadays we cover every major service and many minor ones as well. We crawl everything from office buildings to Minecraft game servers and lots of things in-between. Our goal is to provide an empirical, data-driven view of the Internet to help people make decisions based on data rather than opinion," says Matherly.

    http://tech.economictimes.indiatimes...e-meet-shodan/

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens
  •