
Heartbleed, one month later: 300,000 servers still wide-open


It's been one month since Heartbleed was found - and we're still not safe.

Cybersecurity blog Errata Security scanned a portion of the Internet and found 300,000 vulnerable systems. That's tiny compared to the size of the Internet - and half of what the blog found a month ago - but that means it's still possible to get caught up in Heartbleed.

The blog looked for servers that supported "heartbeat," a legitimate extension to the SSL protocol. Heartbleed took advantage of a flaw in OpenSSL's handling of that extension.

"Last month, I found 1-million systems supporting the "heartbeat" feature (with one third patched). This time, I found 1.5-million systems supporting the "heartbeat" feature, with all but the 300k patched. This implies to me that the first response to the bug was to disable heartbeats, then later when people correctly patched the software, heartbeats were re-enabled. Note that only OpenSSL supports heartbeats, meaning that the vast majority of SSL-supporting servers are based on software other than OpenSSL."

There are great ways to stay safe while you're surfing the Web. Here is the one thing you must do right now in response to the Heartbleed bug.
