Just over one month after its initial detection, 300,000 servers are still at risk from penetration by the HeartBleed security bug, according to independent security researcher Robert David Graham.
Graham found through a global scan of 1.5 million servers using the “heartbeat” feature of OpenSSL, the vulnerable attack point that comprises the HeartBleed bug. Of those 1.5 million, Graham found that 318,239 systems remain vulnerable. Graham, in posting about his scans on his blog, noted that the pattern in systems using and patching for HeartBleed is a little unusual.
“Last month, I found 1-million systems supporting the “heartbeat” feature (with one third patched). This time, I found 1.5-million systems supporting the “heartbeat” feature, with all but the 300k patched. This implies to me that the first response to the bug was to disable heartbeats, then later when people correctly patched the software, heartbeats were re-enabled. ”
Patches for HeartBleed are now commonly available and have been widely adopted by larger users OpenSSL like Google, Graham’s scan indicates that many smaller servers have not as of yet. This is particularly disturbing since HeartBleed attacks are simple to carry out and very damaging. Smaller servers, and some Facebook -sized ones as well, may also be looking at tacking threats as details about a security flaw in the OAuth Log-in are emerging.
“What’s Hot” is aggregated content. PYMNTS.com claims no responsibility for the accuracy of the content published by the original source.
