If you have a feeling you should one day do some kind of check to see if you have anything from your network exposed on the Internet, you’re probably right. In fact, nobody else – including the security fairy – is going to do it for you. This goes for both home networks and businesses, although it’s probably a little more likely that employees of businesses may have installed things with severe vulnerabilities that management or the IT group doesn’t know about than people at home. But it does happen everywhere.
In a recently documented case, the simple exposure of printer ports to the Internet led to a white supremacist being able to send racist messages to be printed on thousands of exposed printers over the Internet.
Many security savvy folks now know about free or cheap tools that can automatically scan the entire Internet for devices or computers that are open to accepting commands from anyone who knows how to send them. Tools like Shodan or Masscan can do just that, and we are constantly seeing reports of different types of devices that people typically have not taken the time to secure properly.
In many cases, people probably just think there’s not much damage that could be done with their unimportant little device or computer, and who’d want to do anything bad to them anyway? In others, they may just have forgotten. It’s not surprising, but these days, we have a lot of things connected to our networks. And maybe, just maybe, there’s something on your network that’s putting you at risk. That’s why doing a check on vulnerabilities is important. If you don’t know how, but think it might be worth doing, just ask somebody for help.
Of course, there may be others who just think the Security Fairy is going to come and fix all the vulnerabilities in their systems that are exposed to the Internet. Good luck with that!
Here’s the CIO Magazine story about the racist messages being sent to thousands of exposed printers.