why shodan is scary and not scary at once

I haven’t mentioned SHODAN because I see most everyone else mentioning it. Robert Graham at ErrataSec has a great, quick post about the site and why it is scary. It really is scary. Think about all that scan noise hitting your border: people spending hours, days, weeks, months sweeping address space for hosts to attack. SHODAN has already done the sweep and indexed the banners it got back, so those months of scanning become a search query that returns in seconds.

Google hacking already works the same way: if a particular version of some forum software has a hole in it, a Google query for the strings that version leaves in its pages turns up every indexed instance of it.

If you run server software XYZ and a remote vulnerability in it is published tomorrow, attackers can now find your instance in seconds instead of stumbling onto it eventually.

Now, while this is scary, there is a caveat: it shouldn’t really change your security stance as the host. Yes, attackers can find you faster, but they could find you before too, because you are running remotely accessible servers; SHODAN only removes the delay. It doesn’t make your web server any more vulnerable than it already was. What it does change is how much time you can assume you have: it should shorten your time-to-patch and raise your vigilance in keeping abreast of breaking issues.
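To make the difference between scanning and searching concrete, here is an added example of my own (not code from this post, from Robert's post, or from SHODAN itself): a toy banner index in Python. A handful of constructed banners stand in for what a crawler would have stored per host and port (the addresses are RFC 5737 documentation ranges, not real hosts); a parser pulls product and version out of the three banner shapes it understands (HTTP Server headers, SSH identification strings, 2xx FTP/SMTP greetings); and a Shodan-style filter selects by product, version prefix, port and netblock. The first query is the attacker's query from the paragraphs above (every indexed host running the version an advisory names); the second is the same index pointed at your own address range, which is the self-check the caveat implies.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed sample banners, not real hosts: the raw text a banner-grabbing
# crawler would have stored per (ip, port). Addresses are RFC 5737 test ranges.
SAMPLE_BANNERS = [
    ("192.0.2.10", 80, "HTTP/1.1 200 OK\r\nServer: Apache/2.2.14 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n"),
    ("192.0.2.11", 443, "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n"),
    ("198.51.100.7", 8080, "HTTP/1.1 403 Forbidden\r\nServer: Apache/2.2.14\r\n\r\n"),
    ("198.51.100.9", 80, "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Debian)\r\n\r\n"),
    ("203.0.113.5", 21, "220 ProFTPD 1.3.3a Server (Debian) [::ffff:203.0.113.5]\r\n"),
    ("203.0.113.6", 22, "SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7\r\n"),
    ("203.0.113.7", 23, "\r\nUser Access Verification\r\n\r\nPassword: "),  # nothing to index
]

# The three banner shapes the parser understands; anything else is indexed without a product.
_HTTP_SERVER = re.compile(r"^Server:\s*([A-Za-z][\w.-]*)/(\S+)", re.M | re.I)  # Server: Apache/2.2.14 (Ubuntu)
_SSH_IDENT = re.compile(r"^SSH-\d\.\d-([A-Za-z][A-Za-z-]*)[_-]?(\d[\w.]*)")        # SSH-2.0-OpenSSH_5.3p1 ...
_GREETING = re.compile(r"^2\d\d[ -](?:\S+\s+)?([A-Za-z][\w-]*)\s+v?(\d[\w.]*)")     # 220 ProFTPD 1.3.3a Server ...


@dataclass(frozen=True)
class Record:
    ip: str
    port: int
    product: Optional[str]
    version: Optional[str]
    banner: str


def parse_banner(raw: str) -> Tuple[Optional[str], Optional[str]]:
    """Pull (product, version) out of a raw banner, or (None, None) if it is not recognised."""
    for pattern in (_HTTP_SERVER, _SSH_IDENT, _GREETING):
        m = pattern.search(raw)
        if m:
            return m.group(1), m.group(2)
    return None, None


def build_index(banners: Iterable[Tuple[str, int, str]]) -> List[Record]:
    """The one-off, expensive step: parse every stored banner once so later queries need no scanning."""
    return [Record(ip, port, *parse_banner(raw), raw) for ip, port, raw in banners]


def version_matches(have: Optional[str], want: str) -> bool:
    """Dotted-prefix match: '2.2' matches '2.2.14' but not '2.20.1'. Suffixed versions like '5.3p1' need the full string."""
    if have is None:
        return False
    want_parts = want.split(".")
    return have.split(".")[: len(want_parts)] == want_parts


def search(records: List[Record], product: Optional[str] = None, version: Optional[str] = None,
           port: Optional[int] = None, net: Optional[str] = None) -> List[Record]:
    """Shodan-style filter over the index: product (case-insensitive), version prefix, port, CIDR netblock."""
    network = ipaddress.ip_network(net) if net else None
    hits = []
    for r in records:
        if product is not None and (r.product or "").lower() != product.lower():
            continue
        if version is not None and not version_matches(r.version, version):
            continue
        if port is not None and r.port != port:
            continue
        if network is not None and ipaddress.ip_address(r.ip) not in network:
            continue
        hits.append(r)
    return hits


if __name__ == "__main__":
    index = build_index(SAMPLE_BANNERS)

    # Attacker's view: tomorrow's advisory names Apache 2.2.14, so ask the index, not the network.
    for r in search(index, product="Apache", version="2.2.14"):
        print(f"exposed: {r.ip}:{r.port} {r.product} {r.version}")

    # Defender's view: point the same index at your own netblock to see what an attacker sees.
    for r in search(index, net="198.51.100.0/24"):
        print(f"mine: {r.ip}:{r.port} {r.product} {r.version}")
```

The point of the split between build_index and search is the whole argument of the post: the crawl is paid for once, by someone else, and every query after that is a dictionary lookup. Run as a defender, the netblock query shows exactly the product and version strings you are advertising, which is the list to work from when an advisory lands.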

The rest of what Robert says stands firm, though. Attackers salivate over something like this.
