For them to do that it would require every individual with any private sector data files to violate 17 different federal laws governing maintenance of such files!
Folks who collect money, audit customers (USPS has customers), or undertake scientific research frequently take temporary custody of private sector data bases ~ without courtesy of a warrant ~ which means the agencies cannot just look at that data ~ just the custodian. There are laws controlling release of that information, and the way you maintain a closed shop with a widespread loose network is the computer systems folks have to have access to that data ~ which, of course, is prohibited by law.
Just in case you needed to have an example, that's one of those PRIVACY OVERSIGHTS ~ no doubt he tricked his way in.
I’m really not surprised that this tool turned up so many vulnerabilities and holes. “Ethical Hacking” and penetration testing are some of the biggest scams in information security today, because they can realistically only tell you one of two things about your security:
1) It sucks
or
2) You don’t know.
The second is because if the tester doesn’t find anything, all it means is any holes were beyond *the tester’s* capabilities. Since there is “always a bigger fish”, you can never really be totally secure. This new tool is just a more thorough version of human testers, and is therefore able to expose more holes. However, it isn’t the be-all-end-all, because again, it’s only as comprehensive as its programmer could make it.
Plus, many companies *STILL* don’t give information security the kind of priority they should (many still think the IT department is either optional or at least doesn’t *really* need that big budget; after all, nothing has stopped working, right?).
Update on Shodan: The scariest search engine on the internet -- http://www.freerepublic.com/focus/f-news/3050600/posts