Senrio+Xipiter 0day for MANY D-Link devices

[…] In our last post we talked about a vulnerability discovered in the D-Link DCS-930L Cloud Camera. Since then the Senrio Research Team has been working closely with the D-Link Security Incident Report Team. Below we disclose technical details of our efforts.  […] What does that mean in terms of exposure to consumers? In a collaboration with Shodan we discovered 400,000 devices publicly accessible that could be affected by this 0day.  […]

http://blog.senr.io/blog/400000-publicly-available-iot-devices-vulnerable-to-single-flaw

Shodan: showcasing lack of IoT security

Charlie Osborne has an article in ZDNet about Shodan a search engine focused on non-existant security IoT:

Shodan: The IoT search engine for watching sleeping kids and bedroom antics

Shodan has made it even easier for our inner voyeur to spy upon the open webcams of homes across the world — but are the ramifications more pronounced than idle surveillance? Launched in 2013, Shodan is a search engine used to find Internet of Things (IoT) connected devices around the world. Webcams, security systems and routers are only some of the devices which, once connected to the Web, can offer a glimpse into our lives behind locked doors should poor security turn the key. Unfortunately, despite a steep rise in home Internet connectivity and the use of connected home devices — from lighting to cameras — and IoT-based vehicles, security comes up short. […]

Full post:
http://www.zdnet.com/article/shodan-the-iot-search-engine-which-shows-us-sleeping-kids-and-how-we-throw-away-our-privacy/

https://www.shodan.io/