Hello, welcome to the Wednesday, July 6, 2022 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich and I'm recording from Stockholm, Germany.

About five years ago, the Wanna Cry and Notpetya warms caused quite a bit of havoc, taking advantage of the eternal

plu exploit. So Jan took the opportunity to take a look at Shodan data to see how such a highly

publicized and dangerous vulnerability has been patched over the last five years.

Well, turns out, yeah, it has been patched, but far from perfect.

Now, at its peak, Shodan counted 35,000 vulnerable systems.

These days, there are about 5,000, or actually exactly 5,565. As Jan points out,

vulnerable machines left, again, according to Shodan. But remember one way how some of these

warms really caused the damage was by entering a network and then spreading internally. And of course, Shodan typically does not detect these internal vulnerable hosts.

Other interesting thing, about six months ago, the number was at 10,000 and actually remained

sort of constant, if you're looking at the 12 month and six month

number.

But overall, this matches what we have seen all the way back to vulnerabilities like the

code red, NIMDA vulnerabilities, and the worms that are versed with it, that there is an

initial, relatively fast drop in vulnerable systems.

Those are systems that are being patched, usually within a month or so.

And then there is this long tail that pretty much lasts forever.

And at this point, once you sort of discount honeypots and the like systems vulnerable to

these particular issues are probably never really patched,

but just decommissioned.

And I've got an interesting update to Open SSL.

It actually fixes two different vulnerabilities.

...