I am now following taosecurity on Twitter and saw his tweet about http://shodan.surtri.com/

If it works as advertised, then it will make life easier for those looking for such information.  This tool can be used by both black- and white-hat hackers.  This is what I call freedom of information.  This site is not presenting anything that is not already publicly available, though it does make it a bit easier to find.

I have spent the majority of my career on the defensive side of Information Security.  One of the things that often gets recommended is that banners in services like SMTP or HTTP are turned off.  Turning that information off does not in any way prevent attacks or mitigate any vulnerabilities.  It does make life a little bit harder for black-hat hackers, as they cannot do a simple drive-by, i.e. connect, get a banner and then leave.  To find out what software a system is using to provide a given service, they would have to interact with the software a bit more.

Like TCP/IP stacks, which have characteristics that can indicate which operating system generated the packets – simply by looking at packet headers – software has characteristics as well.  For example, years ago I connected to an SMTP server and got a banner that started with “220 ******* SMTP *** Service*****” or something like that; it had way too many asterisks in it.  I later learned that it was a Cisco PIX firewall.

Changing the banners would at least help a site avoid being listed as running, say, Apache, when in fact it very well could be.  Again, it does not stop or mitigate vulnerabilities, but it does make it somewhat harder on those wishing to cause the device harm.
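As an added example (not from the original post), here is a small Python audit a defender could run over banners collected from their own hosts, or from a Shodan listing of their own address space, to flag which services still advertise a product or version. The sample banners and service labels are constructed; the asterisk case mirrors the PIX-style masked banner described above.

```python
import re

# Constructed sample banners, keyed by a label a defender might use for each of
# their own services (e.g. as collected from a Shodan listing of their own IPs).
SAMPLE_BANNERS = {
    "smtp-1": "220 mail.example.com ESMTP Postfix (Ubuntu)",
    "smtp-2": "220 ******* SMTP *** Service *****",
    "smtp-3": "220 mx.example.com ESMTP",
    "http-1": "Server: Apache/2.4.41 (Ubuntu)",
    "http-2": "Server: Apache",
    "http-3": "Server: nginx/1.18.0",
}

# Product name, optionally followed by "/1.2.3" or " 1.2.3". Tying the version to
# the product keeps hostnames with dotted numbers (e.g. IPs) from being flagged.
PRODUCT_RE = re.compile(
    r"\b(Postfix|Sendmail|Exim|Apache|nginx|Microsoft-IIS|OpenSSH)\b"
    r"(?:[/ ]v?(\d+(?:\.\d+)+))?", re.I)
# A Cisco PIX SMTP "fixup" replaced banner text with runs of asterisks; the
# product is hidden, but the masking itself is a recognisable signature.
MASKED_RE = re.compile(r"\*{3,}")


def classify_banner(banner: str) -> dict:
    """Report what a single banner discloses and how much."""
    m = PRODUCT_RE.search(banner)
    product = m.group(1) if m else None
    version = m.group(2) if m else None
    masked = bool(MASKED_RE.search(banner))
    if version:
        level = "version"   # product and exact version are exposed
    elif product:
        level = "product"   # product name only
    elif masked:
        level = "masked"    # obfuscated, yet fingerprintable by the masking style
    else:
        level = "minimal"   # nothing obviously identifying
    return {"product": product, "version": version, "masked": masked,
            "disclosure": level}

def audit(banners: dict) -> dict:
    """Map each service label to its disclosure level."""
    return {name: classify_banner(b)["disclosure"] for name, b in banners.items()}

def needs_attention(banners: dict) -> list:
    """Labels of services still advertising a product or version, sorted."""
    return sorted(n for n, lvl in audit(banners).items()
                  if lvl in ("version", "product"))
```

Services reported as "masked" or "minimal" are not fixed, only quieter; the audit is a check on what a drive-by banner grab still reveals, not a vulnerability scan.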
