Author: db

  • Shodan to assess a country’s risk

    OK, last post on Shodan for a bit, I promise 🙂 So last year about this time we had Mirai attack Deutsche Telekom, getting 900K modems. And the attack was targeted specifically at Germany, bringing up the spectre of: why? Election tampering? Insider trading? Lots of things are possible when you get access to peoples…

  • More shodan shenanigans: VNC with no authentication?

    OK, let's try this query (port:5900 RFB authentication disabled) on Shodan. I wonder if we will … OMG, of course there are. There are ~4000 devices with VNC on port 5900 with no authentication. Surely some of them will not be… of course they are. They work. Let's try one at random to see what has…

  • Exposing SCADA to the Internet: Nobody expects the shodan inquisition!

    There's an industrial standard called Supervisory Control and Data Acquisition (SCADA). It's used in factory control environments, running programmable logic controllers, etc. In these environments, you often make certain assumptions. First, all the software is custom, and usually done by a single system integrator who has tested it all. Second, security is partly physical, you…

  • Spear-Phishing defence, the US census, punycode, and certstream

    Want to try something fun? Head here and click on 'open the firehose'. This is certstream, a real-time stream (from the Certificate Transparency logs). In real time you can see all the SSL certificates granted. OK, I'll let you ooh and aah over that for a second. Now, let's talk about spear-phishing. In essence, I entice…

  • New product idea: add wire adapter

    So the original home automation is the thermostat. And many of us will have grown up with the Honeywell T87. This will have been mounted to that lovely faux wood panelling in your house :). It worked in a very simple model: there were 2 wires that came from your furnace. One had 24VAC, and…