Hello and welcome to the Thursday, June 29, 2003 edition of the Sands and its Storms

Center's Stormcast.

My name is Johannes Ulrich and I am recording from Stockholm, Germany.

Jan today wrote up a quick survey based on Shodan data looking at what web servers are still

running, SSL version 2 and

well where they are running, which actually turned out to be quite interesting.

SSL version 2 was pretty much shown to be vulnerable and should no longer be used in late 90s,

so 99, and since has steadily been removed even from some TLS implementations.

What Jan found was, first of all, the not so surprising part. It's a lot of IoT devices,

the Go Ahead Web Server in particular. That's a web server that you often find sort of on

embedded devices,

but geographically it was very much concentrated in Kazakhstan. First I thought it maybe somewhat

politically related. Kazakhstan has had some interesting ideas like, for example, forcing everybody

to install a government-controlled

certificate authority to make a machine-in-middle attacks easier. But in this case, it appears

that one particular ISP, the largest ISP in Kassaslan, is deploying endpoint devices that use a web

server that only supports SSL version 2.

So these modems really are responsible for this big spike in SL version 2 devices in

Kazakhstan.

And then we got more trouble around NPM packages. Darcy Clark, who used to be associated with the NPM project, has published a blog post showing

how the NPM packages or the manifest files can be abused.

The problem is that these manifest files are never really verified or compared to the content

...