Domain: shodan.io
Stories and comments across the archive that link to shodan.io.
Stories · 4
-
New Shodan Tool Tracks Down Botnet Command-And-Control Servers (thestack.com)
An anonymous reader quotes The Stack: Search engine Shodan has announced a tool to help businesses hunt out and block traffic from malware command-and-control servers. The new Malware Hunter service, which has been designed in a collaborative project with threat intelligence company Recorded Future, continuously scans the internet to locate control panels for different remote access Trojans, including Gh0st RAT, Dark Comet, njRAT, XtremeRAT, Net Bus and Poison Ivy. The internet crawler identifies botnet C2 servers by connecting to public IP addresses and sending traffic which mimics that of an infected device. If the receiver computer sends back a response, that server is flagged.
The article reports that Shodan's Malware Hunter tool has already traced over 5,700 RAT servers -- more than 4,000 of them based in the United States. -
Nearly 200,000 Wi-Fi Cameras Are Open To Hacking (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: What started as an analysis of a simple security flaw in a random wireless IP camera turned into seven vulnerabilities that affect over 1,250 camera models and expose nearly 200,000 cameras to hacking. The flaws affect a generically named product called Wireless IP Camera (P2P) WIFICAM, manufactured by a (currently unnamed) Chinese company, who sells it as a white-label product to several other camera vendors. Security researcher Pierre Kim says the firmware produced by this Chinese vendor comes with several flaws, which have all made their way down the line into the products of other companies that bought the white-label (unbranded) camera. In total, nearly 1,250 camera models based on the original camera are affected. At the heart of many of these issues is the GoAhead web server, which allows camera owners to manage their device via a web-based dashboard. According to Kim, the cameras are affected by a total of seven security flaws. Yesterday, Kim said that around 185,000 vulnerable cameras could be easily identified via Shodan. Today, the same query yields 198,500 vulnerable cameras. Proof-of-concept exploit code for each of the seven flaws is available on Kim's blog, along with a list of all the 1,250+ vulnerable camera models. -
Security Lapse Exposed New York Airport's Critical Servers For a Year (zdnet.com)
An anonymous reader quotes a report from ZDNet: A security lapse at a New York international airport left its server backups exposed on the open internet for almost a year, ZDNet has found. The internet-connected storage drive contained several backup images of servers used by Stewart International Airport, but neither the backup drive nor the disk images were password protected, allowing anyone to access their contents. Since April last year, the airport had been inadvertently leaking its own highly-sensitive files as a result of the drive's misconfiguration. Vickery, who also posted an analysis of his findings, said the drive "was, in essence, acting as a public web server" because the airport was backing up unprotected copies of its systems to a Buffalo-branded drive, installed by a contract third-party IT specialist. When contacted Thursday, the contractor dismissed the claims and would not comment further. Though the listing still appears on Shodan, the search engine for unprotected devices and databases, the drive has since been secured. The files contained eleven disk images, accounting for hundreds of gigabytes of files and folders, which when mounted included dozens of airport staff email accounts, sensitive human resources files, interoffice memos, payroll data, and what appears to be a large financial tracking database. Many of the files we reviewed include "confidential" internal airport documents, which contain schematics and details of other core infrastructure. -
US Think Tank Wants To Regulate The Design of IoT Devices For Security Purposes (theregister.co.uk)
New submitter mikehusky quotes a report from The Register: Washington D.C. think tank the Institute for Critical Infrastructure Technology is calling for regulation on "negligence" in the design of internet-of-things (IoT) devices. If the world wants a bonk-detecting Wi-Fi mattress, it must be a malware-free bonk-detecting Wi-Fi mattress. The report adds: "Researchers James Scott and Drew Spaniel point out in their report Rise of the Machines: The Dyn Attack Was Just a Practice Run [PDF] that IoT represents a threat that is only beginning to be understood. The pair say the risk that regulation could stifle market-making IoT innovation (like the Wi-Fi cheater-detection mattress) is outweighed by the need to stop feeding Shodan. 'Regulation on IoT devices by the United States will influence global trends and economies in the IoT space, because every stakeholder operates in the United States, works directly with United States manufacturers, or relies on the United States economy. Nonetheless, IoT regulation will have a limited impact on reducing IoT DDoS attacks as the United States government only has limited direct influence on IoT manufacturers and because the United States is not even in the top 10 countries from which malicious IoT traffic originates.' State level regulation would be 'disastrous' to markets and consumers alike. The pair offer their report in the wake of the massive Dyn and Mirai distributed denial of service attacks in which internet of poorly-designed devices were enslaved into botnets to hammer critical internet infrastructure, telcos including TalkTalk, routers and other targets."