nikomen | 6 years ago

Organizations using ICS equipment could use this tool to find their own systems that are accessible to the internet. However, I would imagine that companies that are responsible enough to perform checks like these hopefully already have procedures in place to prevent issues like this.

I wonder if there's room to use this software to provide direct feedback to the organizations and let them know without being prosecuted?

achillean|6 years ago

Shodan actually has a service that will notify you when it discovers a public industrial control system:

https://monitor.shodan.io

Shodan Monitor is to the Internet as Google Alerts is for the web. And the membership (one-time payment of $49 for a lifetime upgrade) lets you monitor up to 16 IPs.

Disclaimer: I'm the founder of Shodan.

nickpsecurity|6 years ago

Have you noticed any significant change as part of your work with Shodan? If you contact them, do the organizations even do fixes at a steady rate? What's the situation?

bavell|6 years ago

I love how humble/modest your profile is ^_^

foxrob92|6 years ago

I know someone who works in cybersecurity for an oil company; he uses Shodan to double-check whether they have exposed anything to the big scary internet.

ryacko|6 years ago

It depends on Polish law, and how likely they would be to attempt to prosecute you for a polite letter mailed to them.