About Thawte

News

Is Shodan putting your computer security at risk?

Shodan might be best described as a shadow search engine, and its capabilities put computer security in peril. Shodan searches target results that aren't meant for public viewing - like servers, routers, and webcams - and can expose vulnerabilities in computer infrastructure. Such easy access to information that most would assume is hidden from the Web offers hackers shortcuts to stealing data and crippling computers.

In a recent report for CNN Money, tech expert David Goldman likened Shodan to something out of a scary film. He called it a "dark Google," a search engine trawling the corners and back alleys of the internet, looking for weak security systems and unlocked data.

Shodan collects and gives users access to information from over 500 million connected devices each month, from printers and routers to traffic lights, security cameras, and command and control systems for nuclear power plants. A search reveals a device's banner information, which often contains user and password data, especially if the device is using a default password. Many typical passwords become fruitful keywords, wrote Goldman, like '1234' or 'password1,' so devices using these easy-to-break locks are at a heightened risk.

Can Shodan be a cybersecurity asset?
When it comes to network security, Goldman cautioned that vigilance is paramount. Security professionals and law enforcement agencies have used Shodan to uncover unprotected connections in their networks and have improved their security standing by closing the gaps.

Shodan is intended to help security professionals find weak links. The search engine's creator, John Matherly, foils potential hackers with a system in which a user is limited to ten searches without purchasing an account and describing what his or her intentions are.

Goldman wrote that many vulnerable connections only exist because companies purchase systems that let them remotely control many physical devices, like heating systems and printers, with a computer, instead of connecting them directly. Although these options are simpler to implement, they expose the company to hidden security risks.

Encrypt your networks now
The lesson that Shodan's existence teaches, wrote Aaron Weiss for eSecurity Planet, is that the key to cybersecurity is to practice comprehensive network protection on every potentially vulnerable device.

His suggestions include reducing the number of public-facing devices or installing a network firewall. For devices that must remain on the network, he wrote, priority should be given to encrypting data and exercising good password hygiene.

Practice secure network habits to keep your data safe. Protect company information with an SSL certificate today.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +27 21 819 2200
Fax: +27 21 819 2950

Thawte is a leading global Certification Authority. Our SSL and code signing digital certificates are used globally to secure servers, provide data encryption, authenticate users, protect privacy and assure online identifies through stringent authentication and verification processes. Our SSL certificates include Wildcard SSL Certificates, SAN /UC Certificates, SGC SuperCerts and Extended Validation SSL Certificates.

What is an SSL Certificate Which SSL Certificate is Right for Me? Why Choose Thawte?