Proof that data breaches like Code Spaces, P.F.Chang’s, Domino’s, Target, Neiman Marcus continue to be inevitable. The Verge is reporting that the Heartbleed Open SSL bug is still running rampant. Despite the initial panic several months ago when Neel Mehta of Google’s (GOOG) security team discovered the major bug which put over a million web servers at risk, the threat is old news.
600,000 still vulnerable to Heartbleed
Being old news does not mean the problem’s solved according to the article. They cite security researcher Robert David Graham who found that at least 309,197 servers out there on the interwebs are still vulnerable to the exploit.
Immediately after the announcement, Mr. Graham found some 600,000 servers were exposed by Heartbleed. One month after the bug was announced, that number dropped down to 318,239. In the past month, only 9,042 of those servers have been patched to block Heartbleed. The author says that’s cause for concern because it means that smaller sites aren’t making the effort to implement a fix.
Affects the OpenSSL protocol
The Verge concludes that it’s likely that the lightly trod corners of the internet will remain vulnerable for many years to come, as sites with sub-par security standards continue to leave themselves and their users exposed. The danger is particularly real now since the exploit has been widely publicized. The bug, which affects the OpenSSL protocol used widely online, can cause some serious damage — it can be exploited to give hackers encryption keys, passwords, and other sensitive information.
rb-
I mean who do all these people think they are the NSA?
CNET has kept a running list of where you should change your password due to Heartbleed.
- Google (GOOG)
- Facebook (FB)
- YouTube
- Yahoo (YHOO)
- Wikipedia
- Bing
- Tumblr
- ESPN
- NetFlix
- Weather.com
- Dropbox
- AT&T (T)
- OKCupid
Related articles
- OpenSSL vulnerability allows hackers to read 64k of memory on target server (ehackingnews.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.