University of Michigan and Google Are Mapping the Entire Known Web with Censys | Hacked: Hacking Finance
user

University of Michigan and Google Are Mapping the Entire Known Web with Censys

Introduction

P. H. Madore

P. H. Madore

P. H. Madore has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and has made technical contributions on a number of other cryptocurrency projects. In spare time, he recently began a more personalized, weekly newsletter at http://ico.phm.link


LATEST POSTS

ICO Analysis: ICON (ICX) 17th September, 2017

Observations from a Post-Bubble(?) World 16th September, 2017

Cybersecurity

University of Michigan and Google Are Mapping the Entire Known Web with Censys

Posted on .
This article was posted on Thursday, 13:41, UTC.

Logging onto a terminal in 2015, it’s easy to forget what the Internet actually is: a massive, massive macro version of your home network. If you’ve got a phone and a computer connected to the web, that’s technically three devices, counting the router.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Now multiply that by many billions of times, and you’ve got the number of addresses that the Censys project is aiming to track, though not for arbitrary reasons. Rather, Censys is scanning the known web for security vulnerabilities, at least the obvious kinds that system administrators should know about.

The infrastructure for Censys, which is a University of Michigan project, is being provided by Google. The project has already aided researchers in discovering millions of unsecured Internet of Things devices, as demonstrated by SEC Consult earlier this month. Right now, you can go to Censys and type in your home IP address to see if you, personally, have any devices broadcasting publicly. In many cases, this is just not possible due to default router configuration by ISPs. But if you run a website, the service may be more useful. As you can see from the screenshot below, Censys is able to provide some information about Hacked.com, but displays no obvious vulnerabilities in our system.

11-censys

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

But searching for vulnerabilities is not the primary focus of Censys, as the name “Censys” implies. A census is a way that governments and large organizations can understand all the elements which fall within them. Using three core data collection tools – ZMap, ZGrab, and ZTag – Censys trawls the all IPv4 addresses as well as the top 1 million domain names. There are obviously more than 1 million domain names in the wild, but the world doesn’t rely on even the 1 million that are being tracked. Much of the world’s web traffic actually happens through a very limited number of domains, but that’s another issue.

The primary focus of Censys is to know as much about the web as possible, and in a security sense can mean understanding how large a problem could possibly be. Since ZMap enables Censys to know the encryption situation of each device it pings along with other details, a researcher who’s discovered a flaw will now have a new way to determine the possibilities of it.

Shodan has been a leader in the large-scale vulnerability-finding space for some time, but Zakir Durumeric told the MIT Technology Review that Censys has significantly better coverage and fresher data. Shodan’s CEO John Matherly told the same publication that it wasn’t much different, if any, and that Shodan uses more techniques for probing IP addresses than does Censys at present. In any case, both efforts offer researchers an easy way to probe the web for vulnerabilities to patch or exploit, but one is economically free and the other is for-profit. Do note that you will need to create an account at Censys if you decide to do more than five searches in a given day.

Chances are, and history has shown, that there is room in the market for both efforts but that professionals will continue to use the things they know to be reliable. Censys could rise up to overshadow Shodan, or it could live a short and quiet life inside a research laboratory at the University of Michigan, one of Google’s many forgotten almost projects. But given the use it’s already had, it seems Censys is here to stay.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

P. H. Madore

P. H. Madore

http://phm.link

P. H. Madore has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and has made technical contributions on a number of other cryptocurrency projects. In spare time, he recently began a more personalized, weekly newsletter at http://ico.phm.link

There are no comments.

View Comments (0) ...
Navigation
The team:
Dmitriy Lavrov
Analyst
Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
Jonas Borchgrevink
Founder
Jonas Borchgrevink is the founder of Hacked.com and CryptoCoinsNews.com. He is a serial entrepreneur, trader and investor. He shares his own personal journey on Hacked.com. // -- Discuss and ask Read More
Mate Csar
Analyst
Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
Mati Greenspan
Analyst
Senior Market Analyst at Etoro.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
Rakesh Upadhyay
Analyst
Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
Pamela Meropiali
Account Manager
Pamela Meropiali is responsible for users on Hacked.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
Joseph Young
Journalist
Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
A banking chain in Colorado told Krebs on Security that…