300,000+ Servers Exposed To Heartbleed Bug
Two months post the discovery of the Heartbleed Bug, roughly 300,000 servers remain vulnerable to the exploit.
Heartbleed was originally discovered by a Google engineer. This brought about widespread panic and an incredible amount of server patching from businesses everywhere. The glitch in the system impacts OpenSSL – an open source software used to encrypt information throughout the web, and, in the wrong hands can be abused to leak account log-in details and passwords. What separates this bug from others of its kind is the inherent nature of the OpenSSL framework, which is used by thousands of websites and left large numbers of servers on the web, exposed.
Once the Heartbleed Bug had become publicised, security researcher Robert David Graham from Errata Security uncovered that approximately 600,000 servers were exposed to the security flaw. Graham reported that one month later, half of the aforementioned servers have been patched and protected against Heartbleed and only 318,239 have been left in the same state.
Despite this, two months have passed and 309,197 servers still remain vulnerable to Heartbleed. In correlation, patch figures have dropped from double to single percentage figures in the past month. (Only 9,042 new servers have been patched).
The security researcher has suggested that this stagnation is due to the fact that people have stopped bothering to patch systems. With this in mind, there should be a “slow decrease” concerning the number of vulnerable systems as older servers are replaced. The issue now being that since the few thousand major companies have protected themselves, it’s not promising that the smaller firms that have not already done so will follow suit.
Graham has stated “Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable..”
What impact will this have on the account holders? If you’re still concerned for any personal details then be sure to use McAfee’s free checker to find out whether a website is vulnerable. Alternatively, use more than one password for each online account that you have.