Month: December 2017

  • Assessing a country’s risk: Mirai/Satori, Argentina

    Mirai. It has done a ton of damage, attacking various routers, IP cameras, etc. It was used to target Germany, so we know it can be used geographically. Now, it appears someone is working on getting another pool of Mirai ready to rock and roll. And they may be using a vulnerability in a…

  • What are we leaking? Maritime dangerous goods, korea, iot and mqtt

    There is a popular message protocol called MQTT. It's designed for lightweight M2M/IoT connectivity. I used it in my home to run my lights, for example (using e.g. Sonoff-Tasmota and other devices I’ve built myself). It works really well to have devices self-register and report relatively high bandwidth sensor statistics. In fact, this is what…

  • Using shodan to fingerprint…. shodan

    So some people have devoted some effort to find the IP that Shodan scans from. Various out-of-date lists like this one. Now, I’m dubious as to the rationale for this; it doesn’t make your vulnerability any lower, just makes it a bit harder for the lazy to find you. But, nonetheless, how would…

  • Shodan to assess a country’s risk

    OK, last post on Shodan for a bit, I promise 🙂 So last year about this time we had Mirai attack Deutsche Telekom, getting 900K modems. And the attack was targeted specifically at Germany, bringing up the spectre of: why? Election tampering? Insider trading? Lots of things are possible when you get access to peoples…

  • More shodan shenanigans: VNC with no authentication?

    OK, let's try this query (port:5900 RFB authentication disabled) on Shodan. I wonder if we will … OMG, of course there are. There are ~4000 devices with VNC on port 5900 with no authentication. Surely some of them will not be… of course they are. They work. Let's try one at random to see what has…