Robert Vamosi: How does something like this progress? You look at a few things, and then it becomes like what about this, what about this, what about this, and you just keep discovering new things. That got me thinking if I can find machines on the Internet that shouldn’t be on the Internet by way of the tool, what else can I find? I searched for the most egregious thing I could think, like IIF5 and found many, many instances of IIF5. It goes around the Internet and collects banners from different HTTP services.

As I refined my searches to be less novelty and more, let’s do interesting stuff was actually there, one thing led to another. In one case, if you search for BOA, capital B O A, space, 0.92/A, you’ll find a whole bunch of devices on the Internet that are running this BOA invented Web server, and a good lot of them are cameras.

I’m working with my friend Paul Mc Millan, who’s done a lot of the sort of behind the scenes legwork in terms of the coding.

This show originally was broadcast November 8, 2013. I do freelance information security consulting, and my latest hobby has been finding things that shouldn’t be connected to the Internet by way of a search engine called Shodan.

Today my guest is Dan Tentler, Penetration Tester and Network Security Consultant at Rapid7. I have scaled this to a point where I have found such an egregiously large number of things on the Internet that, I mean, I needed to start automating the process of discovery in terms of [indecipherable ] Shodan and then parsing the results.