Most of these blog posts are about projects from my time at the Interactive Telecommunications Program at NYU, which I attended from 2017-2019. Take a look through and take a step back into time with me, to an earlier era, a simpler time when we all knew the rules.


Shodan Stories Day 67: Taking Care of Feet in Buenos Aires, Good Old Apache Webservers, and the Forgotten History of the Directory Index


I saw a great search on Shodan the other day, one just for Apache Webservers. Apache is a true classic, a webserver now 24 years old that had a big hand in the expansion of the early web. It’s still among the most popular servers today; it’s estimated that 20% of all current websites are running Apache. So I was expecting to see a lot of results, and indeed Shodan could identify at least 320,000 IP addresses running Apache.…
Read more ⟶

Shodan Stories Day 66: Making Cement in Tuban


Today I saw a search just for everything that’s a customer of PT Telkom Indonesia, an Indonesian ISP. Tuban Cement Factory on 180.250.182.241 I ended up picking the first result because I saw on Shodan, in the town of Tuban on Java, that it was running this warning on the telnet port, 23. ***************************************************************************** PT Holcim Indonesia Tbk Astinet Router to STO Kerek Tuban Plant WARNING: This is a private system.…
Read more ⟶

Shodan Stories Day 65: My Wifi Enabled Smart Projector Helped Me Rekindle My Marriage's Lost Spark in Beijing


Today I wanted to find any kind of Alexa-compatible device, be it WiFi plug, smart bulb, or whatever, so I searched in Shodan for “alexa”. After looking at the results for awhile I found that there was a particular type of object that showed up that I thought was worth looking into further, what looked like a “smart projector”. Optoma on 54.223.86.54 The actual search I used to narrow down on the projectors was “alxtest/alexa”, which was part of the name in the webserver these projectors were running.…
Read more ⟶

Shodan Stories Day 64: Pro DJing in Antofagasta, Iomega NAS, and a Torrenting Minimalist


Today I saw a search for Iomega (now Lenovo EMC) Network Attached Storage, probably because these devices have been show to have huge security flaws (or the novelty of finding devices that still have “Iomega” written into their cookie code even after the brand had been incorporated into Lenovo). But I thought it would be a nice change from all of the Synology NAS we’ve been seeing. Lenovo EMC NAS on 190.…
Read more ⟶

Shodan Stories Day 63: Securities Trading in Hong Kong, Ghidra vs IDA Pro, and the Ever Popular Insecure Java Debugger


There’s been a lot of hubbub in the infosec world the past couple of days because the NSA released one of their reverse engineering tools, Ghidra, as an open source toolkit. This is huge news because the closest tool in functionality, IDA Pro, is $1200 a year for a license, but also raised a question: would you trust software from the NSA, even if it’s hosted on Github? I’m starting with this preamble because of a default setting in Ghidra.…
Read more ⟶

Shodan Stories Day 62: Night at the Kino in Winnenden


Today I wanted to find a webcam but not because I needed an easy target, but rather so that I could find a webcam that would lead me to its precise location. I mulled about in Shodan’s image viewer until I found an interesting result, and lo and behold, it’s another webcam server made by Steven Wu (see days 38 and 47 if that name doesn’t ring a bell). Thank you, Steven Wu, for your really terribly insecure webcam server.…
Read more ⟶

Shodan Stories Day 61: Printing Skulls in Springfield, Tautulli Plex, and OctoPrint


Today’s episode is again taken off of the recent searches. I saw someone searching for “octoprint -login -authenticate”, and decided I’d take a look. Turns out OctoPrint is a web interface for 3D printers that let you remotely monitor and control your in progress jobs. So I’d be finding 3D printers, a whole dimension up from the paper printer I found back on day 31. A Wanhao Duplicator i3 3D Printer on 173.…
Read more ⟶

Shodan Stories Day 60: The Private Prison Industrial Complex in Houston, Encartele Phones, Bonkers Advertisements, Inmate Surveillance, and Predatory Business Models


I saw a search for “prison phones” and gosh if that isn’t a lure I don’t know what is. The search was just for “encartele”, and doing some Googling I found that Encartele is a major player in the United States inmate phone service industry. I think this ad will explain what that means: An Encartele Prison Phone on 66.112.68.130 So Encartele charges inmates and their families artificially high phone rates and give paybacks to the wardens running the prisons.…
Read more ⟶

Shodan Stories Day 59: High Precision Instruments in Bosnia and Herzegovina, Leica Geosystems Satellite Receivers, and Our Story of 80 Years of Mergers and Acquisitions


A plethora of good shared searches on Shodan today. I decided to go with satellite receiver web interfaces, thinking that after my attempts back on day 13 this would be about as close to a real satellite as I could get. Leica Satellite Receiver on 212.39.114.78 I chose a result in Bosnia and Herzegovina. It was running email ports and a webserver on port 80, so I took a look at the webserver.…
Read more ⟶

Shodan Stories Day 58: Climbing the Global Cyber Vandalism Ladder in Westminster, Crypto Airdrops, and the Shady Underworld of Monetized Link Shortening Services


Today I felt like going for another hacked website, so I again searched for “hacked by” on Shodan like I did all the way back on day 18. A Hacked Server on 94.76.219.226 There were so many results, I picked the first one I got, in the UK. It had ftp and ssh running, as well as email and the usual 80 and 443 webservers. It also had a cPanel login page running, cPanel being, in my experience, the most miserable way to run a webhost backend.…
Read more ⟶