300k servers remain vulnerable to Heartbleed
Posted by: Jon Ben-Mayor on 06/23/2014 06:57 AM
The press that Heartbleed received was widespread and verged on panic mongering, so what is the aftermath? It seems that out of the approximately 600,000 servers that were vulnerable to the code flaw that is Heartbleed, only about half have been fixed in 2 months' time.
According to Errata Security, this indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced.
TechCrunch explains exactly what this means, oversimplified: while almost all of the Internet’s most popular sites (the top 1000 or so — the biggest, most obvious targets for attackers) are no longer vulnerable, lots and lots of smaller sites/systems are still at risk. And based on the patch rate just 2 months later, after the appropriately huge hype surrounding the bug has tapered, that… probably won’t ever change.
In a nutshell, Heartbleed will keep on bleeding: even with a password change, the vulnerability will remain if the site you are changing it for happens to be one of the 300k that are simply riding it out on the spilled blood, so to say...