Dahua Security Camera Vulnerability

Dahua has taken this seriously. Surprise Surprise.

Backdoor Disclosure here

Dahua Security Bulletin here

I need to get my ass back in Shodan. I miss the hunt







Big oopsie on CloudFlare's part.

A good writeup is here: Gizmodo

Original post from Tavis Ormandy here

CloudFlare’s own downplay here

And last but not least, GitHub has a list of sites that are affected including possible iOS Apps here

Keep it classy CloudFlare



FTC – IoT Home Inspector Challenge

IoT Home Inspector Challenge

So the FTC wants someone to “create” a tool that can protect consumers from vulnerabilities in IoT devices.

Here is a snippet on the criteria required:

  • Submissions must provide a technical solution, rather than a policy or legal solution.
  • The tool must work on home IoT devices that currently exist on the market.
  • The tool must protect information it collects both in transit and at rest.
  • The Submission must address how the tool will avoid or mitigate any additional security risks that the tool itself might introduce into the consumer’s home by, for example, probing the home network or facilitating software upgrades.

There are thousands of different IoT device types, vendors, companies, etc. How is this going to be feasible with such a broad scope of devices?

Prize is up to $25k with $3k going to honorable mentions.

Give it a whirl, would ya. Submissions are due by May 22nd, 2017.

Shodan Search – Iomega Shares

To search for Iomega Shares that are open:


Search for Set-Cookie: iomega

Firefox will throw up an error that your connection is not secure. Select Advanced and then Add Exception. Then Confirm Security Exception.

The cloud page will open. Then select the Content tab to look for open shares.

Narrow the search by using country:"US"

FYI: this search does not limit you to iomega devices. It has pretty broad reaches.