Mobile Commerce

300,000 Servers Still Vulnerable to HeartBleed

Just over one month after its initial detection, 300,000 servers are still at risk from penetration by the HeartBleed security bug, according to independent security researcher Robert David Graham.

Graham found through a global scan of 1.5 million servers using the “heartbeat” feature of OpenSSL, the vulnerable attack point that comprises the HeartBleed bug. Of those 1.5 million, Graham found that 318,239 systems remain vulnerable. Graham, in posting about his scans on his blog, noted that the pattern in systems using and patching for HeartBleed is a little unusual.

“Last month, I found 1-million systems supporting the “heartbeat” feature (with one third patched). This time, I found 1.5-million systems supporting the “heartbeat” feature, with all but the 300k patched. This implies to me that the first response to the bug was to disable heartbeats, then later when people correctly patched the software, heartbeats were re-enabled. ”

Patches for HeartBleed are now commonly available and have been widely adopted by larger users OpenSSL like Google, Graham’s scan indicates that many smaller servers have not as of yet. This is particularly disturbing since HeartBleed attacks are simple to carry out and very damaging.  Smaller servers, and some  Facebook -sized ones as well, may also be looking at tacking threats as details about a security flaw in the OAuth Log-in are emerging.

“What’s Hot” is aggregated content. claims no responsibility for the accuracy of the content published by the original source.


Latest Insights: 

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. Check out the February 2019 PYMNTS Digital Fraud Tracker Report

Click to comment


To Top