News & Insights

ISAKMP Scanning and Potential Vulnerabilities

September 20, 2016
As many of you are aware, we scan the Internet on a daily basis for many different protocols.  We have added several new ones over time, mostly depending on our own time available to engineer a scan for that protocol.  Occasionally, we add one that is more topical and addresses a recent vulnerability or issue that needs to be focused on sooner rather than later.  ISAKMP falls into that category.

Of Data Sharing and Statistics Being Removed

June 9, 2016
As most of you may know, The Shadowserver Foundation is a non-profit organization in both the US and in the EU.  We survive through donations, sponsorships, as well as project work to expand what we are able to do.  We share our data for no cost with the direct network owners.  From our last few posts you can get an idea of how many drives we go through and the possible cost to maintain all the work that we have been doing.  We do not ask for credit, only the occasional support.

How do you dispose of three Petabytes of disk?

May 12, 2016
In July of last year we had a little problem.  We had a lot of drives to dispose of and did so as inexpensively as possible via a drill press, a lot of time, and a lot of flying metal as we slowly destroyed stacks of drives one at a time.  Moving forward in time to today, we realized that our bins were once again full of drives, almost 1500 this time.  This adds up to almost three petabytes of storage in disks.  Knowing that it would take us days of drilling, we sought out a faster solution, and here it is.

How two seconds become two days

November 17, 2015
At 3:37PM PST, we had a power blip in one of our datacenters.  In those two seconds, over 1,000 systems blinked offline.  As a non-profit, we don't have all of those niceties such as hot-hot datacenters or those newfangled UPSes.  Instead, we do it the old-fashioned way, which means we are susceptible to power failures within the building where our core systems reside.

SYNful Knock

September 21, 2015
On 15 September 2015, FireEye published information about potentially compromised Cisco routers under the name SYNful Knock. As soon as Shadowserver became aware of these potential compromises, Shadowserver and Cisco worked together and cooperated to scan the internet to detect these affected routers to allow a more accurate notification of the affected end-users.

What does complete failure smell like at Shadowserver?

August 15, 2015
In any corporation there is a fine line between success and failure.  Part of that is how each one is dealt with.  We at Shadowserver are as proud of our successes as we are of our failures.  We try to be upfront when something breaks and explain what occurred.  We failed completely at that this time as well.

The Italian Connection: An analysis of exploit supply chains and digital quartermasters

August 10, 2015
On July 5, 2015 an unknown hacker publicly announced on Twitter that he had breached the internal network of Hacking Team - an Italian pentesting company known to purchase 0-day exploits and produce their own trojans. The hacker proceeded to leak archives of internal Hacking Team tools and communications.

How do you dispose of a Petabyte of disks?

July 9, 2015
With the advent of massive inexpensive storage also comes the issue of the disposal of that storage when it inevitably fails on you, usually taking something valuable with each failure. Even the best of disks will fail eventually and at the end of the week you have a large steaming pile of disks that are no longer useful but cannot just be tossed into the rubbish bin.

Of Privacy, Security, and the Art of Scanning

June 23, 2015
With all the recent news and attention on world events, the concept and concern around privacy has increased over the last several years.  There seems to be a lot of confusion around the concepts of privacy and security.  It has been developing that many people and organizations attempting to promote privacy are considering them synonymous.  In reality, they are two separate issues that can work together or may be mutually exclusive.

You have Mail!

December 19, 2014
Whelp, there it happens again.  It seems that our filters blew up again and everyone is receiving a much larger set of data than normal.