It would kill your business eventually, so it may be a naive question, but: do you need volunteer work to help identify and warn those insecure networks?

Yes, I encourage security researchers to always notify the relevant network operators/authorities if they make an interesting discovery. And that data is always provided for free to agencies such as the CERT. At the end of the day I would like to think that Shodan helps make the Internet a safer place by having smarter people than me find critical infrastructure, and then notifying the operators so things can get fixed. There will always be security issues as long as people are deploying them, so I'm not worried about Shodan becoming obsolete.

Maybe you could provide some place to keep track of who has been notified? Or even better: handle a "report" form yourself, so sources are notified only once and the wild internet doesn't know if a source may be watching its logs or not.

I guess you should feel free to do so. It takes away lots of fun for high schoolers though :P

Also, sorry for high schoolers, but this is for their own good :)

I had my own "let's see what we can do" youth, and sure thing it is very insightful. If we were talking only about business damage, I would say: "well, they deserve it". But we're not.

What do you think would happen if tomorrow, the news headline was: "Massive oil truck crash kills 10, caused by hacker tampering with traffic lights."? Repressive laws against any kind of computer toying would become even harder, and our high schoolers may go to jail for simply trying to have fun.

Well, it would be way better if we could add some kind of "source notified" flag directly on the database; we do not want to add a mail flood to a security breach. :)

