Censys Blog

June 18, 2018

Introducing Relational Database Scanning

by The Censys Team

To help organizations investigate and monitor whether they’ve mistakenly exposed databases, we're adding scanning for four popular relational database servers: MySQL, PostgreSQL, Microsoft SQL Server, and Oracle Database.

January 25, 2018

Announcing Censys Paid Plans

by The Censys Team

Last summer, Censys began a new chapter: we graduated from the University of Michigan and became a company. This transition will help Censys become an even more powerful tool for securing devices and networks, and it allows us to offer Censys to businesses and enterprises for the first time. Today, we’re introducing Censys Basic, Censys Pro, and Censys Enterprise paid plans, which allow commercial use and include technical support.

December 14, 2017

Tracking the Mirai Botnet

The Mirai botnet, composed primarily of embedded and IoT devices, took the Internet by storm in late 2016 when it overwhelmed several high-profile targets with massive distributed denial-of-service (DDoS) attacks. The Censys team joined forces with collaborators from across the security field to track Mirai-infected devices, analyze the botnet's evolution, and understand how to improve defenses.

Read More at the Cloudflare Blog

July 1, 2016

DROWN: Decrypting RSA with Obsolete and Weakened eNcryption

DROWN is a serious vulnerability that affects HTTPS and other services that rely on TLS. It allows attackers to break the encryption and read or steal sensitive communications. We were part of a collaborative effort that discovered DROWN and measured its impact. 33% of all HTTPS servers were vulnerable to the attack.

Read More at DrownAttack.com

May 20, 2015

Weak Diffie-Hellman and the Logjam Attack

Diffie-Hellman key exchange is a cryptographic algorithm that is fundamental to many protocols, including TLS, SSH, and IPsec. We and colleagues uncovered important weaknesses in how Diffie-Hellman has been deployed: the Logjam attack against TLS, and the likelihood that nation-state attackers can defeat 1024-bit Diffie-Hellman.

Read More at WeakDH.org

March 3, 2015

The FREAK Attack

The FREAK attack allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. Shortly after the attack was announced, we began tracking the population of vulnerable sites.

October 14, 2014

The POODLE Attack and Tracking SSLv3 Deployment

In October 2014, Google disclosed the POODLE attack, a padding oracle attack that targets CBC-mode ciphers in SSLv3. The vulnerability allows an active MITM attacker to decrypt content transferred over an SSLv3 connection. Data we collected about SSLv3 deployment helped support browser-makers' decision to disable support for SSLv3.

April 7, 2014

Heartbleed Bug Health Report

The Heartbleed Bug is a vulnerability in the OpenSSL cryptographic library that allows attackers to invisibly read sensitive data from a web server. This potentially includes cryptographic keys, usernames, and passwords. We and our collaborators tracked the vulnerable population and measured exploitation attempts, and later published a comprehensive analysis of the vulnerability and its aftermath.

October 1, 2013

HTTPS Ecosystem Scans

by Zakir Durumeric

We report the results of a large-scale measurement study of the HTTPS certificate ecosystem—the public-key infrastructure that underlies nearly all secure web communications. Using data collected by performing 110 Internet-wide scans over 14 months, we gain detailed and temporally fine-grained visibility into this otherwise opaque area of security-critical infrastructure.

August 8, 2012

Widespread Weak Keys in Network Devices

We and colleagues performed a large-scale study of RSA and DSA cryptographic keys in use on the Internet and discovered that significant numbers of keys are insecure due to insufficient randomness. Nearly 6% of TLS hosts and nearly 10% of SSH hosts share public keys in an apparently vulnerable manner, due to either insufficient randomness during key generation or device default keys. Nearly all the vulnerable hosts are headless and embedded network devices, such as routers, firewalls, and server management cards.

Read More at Factorable.net