[nik282000]

Yes and no? The owners of these devices made them publicly available by design or through ignorance. While they should be notified of their (maybe) mistake, it's no different from a person who doesn't understand that their neighbours can see into an open window at night.

Should Shodan be taken down because it can search for these devices? What about Google because it can find admin consoles?

[pibaker]

There is a difference between you taking a look through your neighbor's window, and compiling a list of houses known to have curtains open in your city and publishing the list to the public.

> What about Google because it can find admin consoles?

Intention and proportion matters. Google is overwhelmingly not used for discovering unsecured endpoints and that is what makes it OK. If you build a search engine that only serves admin consoles and markets itself as the search engine for admin consoles then you have a problem. There is a reason why DDOS for hire services market themselves as selling "stress testing for your own servers," because they are smart enough to know the consequences of knowingly breaking the law.

[IanCal]

> it's no different from a person who doesn't understand that their neighbours can see into an open window at night.

And standing out in the street staring through with binoculars is still wrong and creepy.

> Should Shodan be taken down because it can search for these devices? What about Google because it can find admin consoles?

It’s not a new idea, nor that controversial, that we restrict things specifically aimed at doing something rather than ones just capable of it.

[gblargg]

The site even lets you see if any of your cameras are exposed, where it switches to a map view and shows any near you.

[nik282000]

I know that my cameras are behind an auth layer but, as it is painfully obvious here, many people do not. A 'check my cameras' feature is a nice way to find out if you messed up.