Hello and welcome to the Friday, December 19th, 2025 edition of the Sands Internet Storms Centers.

Stormcast, my name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

And this episode is brought you by the Sands.edu graduate certificate program in cyber security engineering.

Stick big note about the next couple weeks because we do have holidays sort of midweek, both weeks.

I'm planning on having at least a podcast on the Monday of each week.

But aside of that, they'll lay a little bit by ear

and see if there's any significant news to make a podcast worthwhile. Other than that,

that'll probably just the one podcast, either Monday or Tuesday, of each week.

And talking about holidays, something to celebrate is certainly that we do appear to have

less exposed industrial control system devices and other simple, exploitable devices than we had

about a year ago. Jan took a look at some of the statistics in Shodan and he sort of has been tracking them continuously over a couple years now.

And when it comes to just industrial control system devices there, I don't think it's a done deal yet in the sense that they're going to soon be dying out here.

There seems to be some odd sort of peaks during the summer

month when we have more industrial control devices exposed than we had sort of during the winner.

But overall, there seems to be a downward tendency, even though we are at about the same level

as we had a year ago.

Where it looks much better is support for SSL version 3 and in particular SL version 2.

Both dropped approximately by half over the last year.

So that's pretty good.

Now, I was saying that it's unlikely that a server will be

exploited because it's running SL version 3 or SL version 2 for that matter, but it's often

an indicator that there's a lot of other things wrong with this particular server that, you know,

...