Hello, welcome to the Tuesday, March 3rd, 2020 edition of the Sands and the Storm Centers.

Stormcast, my name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Over the last four years, Let's Encrypt has made a huge difference when it comes to getting websites and other services equipped with TLS certificates,

and they just celebrated issuing one billion certificates. Now, when we are looking at some

traffic statistics, for example published by Mozilla about how much of HTTP traffic does take advantage of

TLS. It's usually these days sort of in the 70 to 90% range. Jan took a little bit of different

approach to this and he looked at the number of servers that are actually existing based on

Shodan. Now this is a very different picture because many of these servers that

Shodan discovers aren't necessarily meant for public consumption, don't have sort of any

real traffic to them. So the ratio here looks actually quite different. What Jan found was that

over the last few years, the percentage of websites that still use HTTP and not HTTP was about

42%. Now, still not too bad, given that a lot of these devices being exposed are probably the sort of default configured

routers and gateways like that where it's actually not always that easy to even set up an htps certificate

what's a little bit surprising is that over the last few months, actually the percentage

of HTTP went up again a little bit.

So that's a little bit counterintuitive.

Looks better when you're looking at Telnet versus SSH.

They are currently sort of at 4 to 1.

So 80% of services here offer SSH over Telnet.

Internationally, things actually look quite a bit different.

For example, in China, we only have about 33% of services that are using HDPS while in the US, it's around 45 to 46%.

...