The Shodan Search Engine IS a Bit Scary


But it may be indicative of the lurking loss of privacy and security we seem to freely exchange for the convenience of connectivity.

There are search engines out there specializing in all sorts of online information. I have highlighted some here, for example search tools that delve into the deep web. Shodan is different. Shodan searches for devices connected to the Web. Like servers. Printers. Routers. Webcams. Security cameras. Control systems for water parks. Really? Yup, really. And it can see what is secured out there and what is unsecured. From a CNN Money article that ran the rounds yesterday:

A quick search for “default password” reveals countless printers, servers and system control devices that use “admin” as their user name and “1234” as their password. Many more connected systems require no credentials at all — all you need is a Web browser to connect to them.

Search parameters include location by city or county, latitude or longitude. Or search by hostname, operating system or IP address. It also allows you to export your search results by XML, so you can take it with you, with the IP and physical location associated with the result. And, if you don’t want to do the heavy lifting, let some other hackers users do the work for you with shared searches.


Even scarier, use Shodan Exploits to search for known vulnerabilities and exploits lurking out there.

I can hear you now – “Oh.Em.Gee. How long has this been out there?” Three years. When you search one of their shared searches for, say, video web servers, you will see results from 2010 forward. Shodan is celebrating its three-year anniversary with a decent flurry of press activity. Great. Now more hackers users will know about this means of tapping stuff.

I totally understand that being fore-warned is to be fore-armed, and that the principal purpose of this is to enhance security rather than shake up that fragile concept, but my pessimistic self can’t help but consider all the nefarious uses such a tool could promote. It is all great if device owners take heed and actually start securing these devices. FWIW, SHODAN (Sentient Hyper-Optimized Data Access Network) apparently is a name used for a fictional AI antagonist in the cyberpunk action role-playing video games System Shock and System Shock 2. Take from that what you may/will.

Shodan invites you to register using your social logins, but I had no problem running some searches without registering. Check it out. And be chilled.

When You Need To Dig Deeper In Your Search

I was asked earlier today to find something that Google couldn’t find, at least for free anyway. So what did I do? I did the deep dive, of course.

I haven’t touched on this topic recently here in the Studio, so the time is ripe. I am talking about the “deep web”, the “invisible web” of data and documents hosted on the Internet that traditional search bots and crawlers of Google and similar ilk can’t seem to index. It is estimated that the invisible web is 500 times larger than the searchable portion of the Web, which we all know is pretty freaking big to begin with. Sometimes, you won’t be able to find what you are looking for using traditional search engines, so what do you do? You use some tricks to access those hidden databases, of course – you are more than 500 times more likely to find the goods.

If you are looking for a search engine tuned to deep web searching, check out this great list (over 100!) broken down by topic, curated by the Online Education Database.

If you are looking for information that is more geared towards the legal profession, you can do no better than this great list of invisible web resources over at LLRX curated by Marcus Zillman.

Wondering what I was looking for? A current list of legislation across the 50 states pertaining to medical malpractice, particularly tort damages caps. I found it in a database maintained by the National Association of State Legislatures. I didn’t have to pay a cent for it. Thanks guys! Sorry Westlaw.

 

 

Oyez! Quincy District Court Now in Session, Everywhere

A novel social media / legal experiment is taking place a few miles and minutes from where I am sitting. As of yesterday, anyone with an internet connection can “see” what is happening in the Quincy District Court. Cameras and microphones are operating in the court’s criminal session and proceedings are being streamed live over the Internet at the new website created solely for the project. The project is run by NPR local affiliate WBUR and is being funded by Knight Media and is called, appropriately enough, OpenCourt.us. The goal is to improve transparency and understanding of the judicial process and, hopefully, strengthen “ties” between the public and their courts.

These “ties” include court reporting. In the courtroom there is an operating Wi-Fi network and a space reserved for “citizen bloggers” to share the news with the Internet via blogs, tweets, even Facebook.

The project is not without limitations. The Judge can decide when to shut the camera off, when the need arises. Or to comply with existing court rules or maintain privacy in domestic violence cases. To protect attorney-client communications, there are “privacy” zones in the court room, free from electronic eyes and ears.

If matters proceed positively, the Project partners plan to extend it to other sessions, civil matters and small claims. Because everyone needs to know what is happening in small claims.

All sarcasm aside, I find this project fascinating. In an age where we are constantly admonished not to tweet or reach out where court is concerned (or even are barred from bringing smartphones and laptops into the court room in parts of New York), the Quincy Court’s about-face is somewhat startling. My short answer is that I am all for openness and transparency. But I do wonder what indirect effects the knowledge of constant, anonymous on-line viewing might have on the parties, their counsel and court personnel.

We shall see.

What IS the Internet Anyway?

People are still grappling with the concept, but I think we might have a better grasp than poor Bryant Gumbel and Katie Couric did. What is it? A giant computer billboard? You can decide for yourself, while you check out their hilarious struggle with the meaning of life, the Universe and the Internet waay waay back in 1994. Before even Google was created:

The Internet Is Over?

Oh, heck, it only just started! According to the man who originally was Prince, then became a symbol (I just learned it’s called “Love Symbol #2”) and is now back to being Prince, the Internet is over. Context, please – Prince was being interviewed (link here) by the Mirror and was discussing “internet abuses” relative to his content. He also was talking about the anticipated release of his newest album, 20TEN, for free, exclusively, in the UK via the Daily Mirror newspaper. Via CD. No downloads. None of that pesky, problematic Internet stuff for Prince. Here is the quote:

“The internet’s completely over. I don’t see why I should give my new music to iTunes or anyone else. They won’t pay me an advance for it and then they get angry when they can’t get it.

“The internet’s like MTV. At one time MTV was hip and suddenly it became outdated. Anyway, all these computers and digital gadgets are no good.

“They just fill your head with numbers and that can’t be good for you.”

I am guessing that if you are reading this, you might not share the same view about the internet. But rather than chuckle at Prince’s apparent backwards approach to modern technology, consider that this 52-year-old pop icon is only one of many others that share a similar perspective. Maybe he had a bad experience on the internet, maybe she is completely unsure how to negotiate it. Whatever the reason, they just don’t GO there.

Maybe these Prince-lings are in your own firm or are your own clients. How do you deal? As you set up your on-line presence, hoping to grow the conversation in that venue, you may be alienating or, at the very least, not reaching the ears of a sizeable number of potential audience members.

Because we have not yet fully adopted the internet and related technology to the same extent as the car or the telephone, the needs of non-Web-based colleagues and customers must be considered. Keep a real life presence, but don’t miss an opportunity to introduce and educate Web tools. Positive experience is the best motivation for adoption.

Maybe you could even show Prince that the internet isn’t such a bad place. Look what it did for Lady Gaga.

Disclaimer: despite my joking tone, let it be known that I am a HUGE Prince fan, eccentricities and all. And I urge you to hit the jump and read the interview – it’s very entertaining. What else would you expect?

More e-Stats for Number Junkies


Are you interested in how the internet is being used and by whom? Do you love numbers? Pingdom, a company that performs website monitoring, compiled a heavy-duty blog post containing tons of relevant (and somewhat west of relevant) numbers on internet usage during the year 2009. Now, I cannot really testify regarding the support for the numbers, because Pingdom does not list its sources. But, assuming a kernel of truth, these are still pretty impressive and there are some fascinating factoids, to be sure. Did you know that 90 trillion emails were sent? I guess email isn’t dead, or at least no one has told it yet. There were 234 million web sites and 187 million domain names across the top-level domains. That is a lot of surfing. There were 173 billion internet users and they are NOT concentrated in North America (Asia wins).

Check out these social media numbers (taken from the post):

  • 126 million – The number of blogs on the Internet (as tracked by BlogPulse).
  • 84% – Percent of social network sites with more women than men.
  • 27.3 million – Number of tweets on Twitter per day (November, 2009)
  • 57% – Percentage of Twitter’s user base located in the United States.
  • 4.25 million – People following @aplusk (Ashton Kutcher, Twitter’s most followed user).
  • 350 million – People on Facebook.
  • 50% – Percentage of Facebook users that log in every day.
  • 500,000 – The number of active Facebook applications.

Guess blogs aren’t dead yet either.

Check out the entire list of stats at Pingdom’s blog (link here). Thanks, Resource Shelf, for the tip.


Everything You Ever Wanted to Know About Internet Searching …

… or at least a great deal of it may be found in the pages of this “book” brought to you by the fine peeps at MakeUseOf. The 39-page PDF, aptly named “Guidebook To Internet Searching”, includes tips and tools for this increasingly-important skill. The book is broken down into sections devoted to the major search players and more esoteric tools by topic, such as searching for people, products, images, video, files, real time, and everyone’s favorite computational engine, Wolfram / Alpha. I love the Google search “cheat sheet” at the end, with lots of search terminology. Also, check out some of the other great Guidebooks they list at the back.

I bet there is something in here that will be new to you!

Hat tip to Jane’s e-Learning Tip Of The Day

Making A Federal Case Over Cloud Computing

Something got Goliath’s attention. The Federal Trade Commission has gotten involved in an inquiry before the Federal Communications Commission into security and privacy issues surrounding cloud computing that may have wide-reaching ramifications for enterprise and business use of the Web and SaaS.

It all began with the realization that our national broadband access was seriously lacking. In response, several federal laws were passed to encourage broadband development and deployment. The FTC has a degree of jurisdiction over broadband deployment. In the initial inquiry, filed last June, the FCC summarized the underlying rationale as follows:

In the recently passed American Recovery and Reinvestment Act of 2009, the “stimulus” legislation, Congress charged the Department of Agriculture’s Rural Utilities Service and the Department of Commerce’s National Telecommunications and Information Administration with making grants and loans to expand broadband deployment and for other important broadband projects. Congress provided $7.2 billion for this effort – no small sum. But even this level of funding is insufficient to support broadband deployment. With this realization, the Recovery Act charges the Commission to create a national broadband plan. By February 17, 2010, the Commission must and will deliver to Congress a national broadband plan that seeks to ensure that every American has access to broadband capability and establishes clear benchmarks for meeting that goal.

Sounds great. However, under this docket number, as well as two others, the FCC sought further comment on how to deal with disclosure of “confidential” information between “eligible entities” and broadband service providers. In part:

We also seek comment on section 106(h)(2) of the BDIA, which requires eligible entities to treat “any matter that is a trade secret, commercial or financial information, or privileged or confidential, as a record not subject to public disclosure except as otherwise mutually agreed to by the broadband service provider and the eligible entity.” In particular, we seek comment on whether that section is self effectuating or whether the Commission should take any measures to ensure eligible entities’ compliance with section 106(h)(2). If parties believe that the Commission should adopt safeguards to ensure compliance with section 106(h)(2), then we ask that they describe with specificity the nature of their proposed safeguards.

After workshops on the broader issues surrounding broadband development, including its effect on the general economy, IT and productivity, the public comments began pouring in. The cast of commenting characters is impressive, and includes some high profile corporations, including Alcatel-Lucent, NPR, QUALCOMM, Walt Disney and Microsoft. Much of the information is confidential and not viewable by the public.

Now the FTC has commenced its investigation into privacy, security concerns, identity management systems, log-ons and authentication, mobile computing, and social networking in the context of this broader discussion. A roundtable is scheduled to be held on January 28 on these issues.

How will this resolve? Before the likes of Amazon and Rackspace, big players in the cloud computing sector, start shaking in their boots, the long-term goal should actually benefit those interested in storing in the cloud and utilizing cloud services and tools. Remember my post yesterday about the Internet in 2020? The recent inquiry appears to be another piece in the larger puzzle of transforming the Internet into an entirely new experience. Safety and security issues are a significant part of that process.

While it is possible that the inquiry will expose present insecurities that may affect enterprise and business use of the cloud, my sense is that those insecurities should be exposed, examined, quantified, and, hopefully, eliminated. I applaud the FCC and FTC for getting that ball rolling. Hopefully, cloud providers and businesses using their services are employing the best available tech, and thus mitigating the potential liability for security breaches in the here and now. Down the road, security and best available technology in support of the cloud should be dramatically improved as the direct result of such comments, inquiries, and investigations.

Hat tip to ReadWrite Enterprise

Consulting Wikipedia Voids Conviction


Outside research doesn’t help a juror’s cause in Maryland: in a quest for understanding, a juror consulted Wikipedia about two medical terms that may have swayed the juror’s decision to convict a homeless man of murder. Consequently, the Maryland Court of Appeals overturned the conviction and life sentence. The case, Allan Jake Clark v. State of Maryland, was reported in yesterday’s issue of the Maryland Daily Record. According to reporter Steven Lash,

the juror’s Wikipedia search denied Allan Jake Clark a fair trial because “the right to an impartial jury embraces the right to have the case decided exclusively on the evidence that is produced in open court,” the Court of Special Appeals held in an unreported opinion.

Thus, Anne Arundel Circuit Court Judge Paul F. Harris Jr was wrong not to have declared a mistrial upon discovering that juror Alfred Rudolph Schuler had looked up the terms “livor mortis” and “algor mortis” on Wikipedia, an online reference site, and printed out the pages, the appellate court stated in its 3-0 decision.

The reasoning behind the reversal is not news to attorneys: consulting any information outside that presented in the course of the trial is potentially prejudicial and grounds for mistrial. What is interesting is that jurors — and people in general — think nothing of turning to the internet for answers to any question, including the meaning of scientific and medical terms like “livor mortis” and “algor mortis.” Juror Alfred Rudolph Schuler didn’t even consider his actions to be outside research: the article refers to Schuler’s explanation of his activities – “I did go to Wikipedia and I looked up the meaning of ‘lividity,’” Schuler told his questioners, referring to the general term for blood flow after death. “To me that wasn’t research. It was a definition.” The trial court permitted the case to continue after discovering printed copies of the Wikipedia entry, thereby muddying the grounds for the conviction.

This wasn’t the first time this year a Maryland court considered this issue. In May, the appellate court overturned a conviction in Wardlaw v. State because a juror had looked up the term “oppositional defiant disorder.”

Researching information on the internet has become second nature to many, to the point where looking up arcane bits of specialized information on Wikipedia, Google, Bing or any other virtual resource is like checking the traffic report on the radio. We are truly in the Information Age, where everyone can become a scholar. All the more reason to apply care in choosing the resources to consult and demanding that those resources be accurate.
