300,000 Servers Still Vulnerable to HeartBleed

Just over one month after its initial detection, 300,000 servers are still at risk of penetration through the HeartBleed security bug, according to independent security researcher Robert David Graham.

Graham's figure comes from a global scan of 1.5 million servers using the "heartbeat" feature of OpenSSL, the vulnerable attack point at the center of the HeartBleed bug. Of those 1.5 million, Graham found that 318,239 systems remain vulnerable. In a post about his scans on his blog, Graham noted that the pattern of systems using heartbeats and patching for HeartBleed is a little unusual.

"Last month, I found 1-million systems supporting the 'heartbeat' feature (with one third patched). This time, I found 1.5-million systems supporting the 'heartbeat' feature, with all but the 300k patched. This implies to me that the first response to the bug was to disable heartbeats, then later when people correctly patched the software, heartbeats were re-enabled."

While patches for HeartBleed are now commonly available and have been widely adopted by larger users of OpenSSL like Google, Graham's scan indicates that many smaller servers have not yet applied them. This is particularly disturbing since HeartBleed attacks are simple to carry out and very damaging. Smaller servers, and some Facebook-sized ones as well, may also be looking at tackling threats as details about a security flaw in the OAuth log-in are emerging.
