Heartbleed vulnerability still affects 320k servers

A month on: Heartbleed not forgotten

Roughly 320,000 servers are still vulnerable to the Heartbleed OpenSSL bug a month after it was first revealed and caused panic in security circles.

The figure was discovered by Errata Security, which postulated that the number might even be higher, as some servers have firewalls in place, the scan was limited to port 443, and the ISP used to conduct the scan had significant traffic congestion.

When Heartbleed was publicly revealed last month, the number of vulnerable systems detected by Errata was 600,000.

In a heartbeat

The Heartbleed bug derives its name from the Heartbeat feature of OpenSSL, which contained an error that allowed data to be accessed without authorisation.

Errata detected one million systems with Heartbeat last month, only a third of which were patched. It has now detected 1.5 million, with 1.2 million of those patched. The increase in systems using Heartbeat suggests the feature was initially disabled by many as a precautionary measure.

The bug was patched almost immediately by most top websites, such as Google and Facebook, but the fact that so many servers are still unpatched is a major cause for concern.

Perhaps the biggest issue with Heartbleed is that it existed for two years before anyone even knew about it. The delay in finding the bug was largely blamed on the lack of funding many open source projects like OpenSSL receive.
