SHODAN related infosec assortment

The other Defcon

I never attended DEFCON, though it remains a dream I hope to realize one day, soon. It may soon become too logistically awkward due to increasing numbers of attendees.

Shodan is a remarkable search engine. Traditional search engines use “spiders” to crawl websites. Shodan culls data from ports. It was created by John Matherly in 2007. He continues to develop it.

Shodan is helpful for locating web server vulnerabilities. It is available as a free service, for up to 50 searches. Query syntax includes searches by country, host name, operating system and port. Shodan can search for software AND hardware. It has been acknowledged by mainstream media. The most prominent coverage was in early June, via The Washington Post, when Stuxnet received so much press attention.

Me and Shodan

Next is my Scribd infosec collection. It isn’t exclusively Shodan-related. This is why. I first noticed that Michael Schearer wrote excellent PowerPoint presentations, and kindly posted them on Scribd. I was curious, searched for more. This led me to Shodan HQ.

Shodan is NOT an acronym for Sentient Hyper Optimized Data Access Network. John Matherly kindly confirmed this, in response to my recent inquiry.

@ellieaskswhy nope 🙂 not an acronym for my project, but it’s the acronym for the videogame character the name is based off of

— John Matherly (@achillean) August 19, 2012

Human knowledge belongs to the world, after all, and information ALWAYS wants to be free.

I wrote an information security and data privacy post, on my Tumblr blog. The (inline) PDF document from hal.inria.fr is the highlight. Along the way, I learned about quines! They are a cute construct, like palindromes, or self-replication, or polyglot programs; fun, maybe useful.

There was a somewhat satisfactory resolution to the ongoing matter of what I think of as Bobby Table’s Google-compromised web malware repository. The Web Malware Collection Project is:

A collection of web application back doors and malware, in PHP, JSP, ASP, etc.

DEFCON 13 badge

Let’s conclude with a video, Hackers vs. Disasters Large and Small. The venue was DEFCON 13. Introductory remarks were by Michael Schearer, which is where this all began. Be forewarned, duration is 1 hour, 45 minutes:

Most often we’re “on the grid” and close to our precious electronics and high-speed internet. What would happen if you find yourself stranded in the middle of nowhere or in the midst of a natural disaster? This presentation will show you that your hacker ingenuity can help you survive the worst.

Related

• Using Shodan and FeedBurner to keep an eye on your hosts