{"id":70135,"date":"2014-06-24T19:09:55","date_gmt":"2014-06-24T23:09:55","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-08-25T21:49:13","modified_gmt":"2021-08-26T01:49:13","slug":"heartbleed-old-news-servers-still-vulnerable","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/heartbleed-old-news-servers-still-vulnerable\/","title":{"rendered":"Heartbleed Old News – Servers Still Vulnerable"},"content":{"rendered":"

\"\"Proof that data breaches like Code Spaces<\/a>, P.F.Chang’s<\/a>, Domino’s<\/a>, Target<\/a>, Neiman Marcus<\/a> continue to be inevitable<\/em>. The Verge<\/em><\/a>\u00a0is reporting<\/a> that the Heartbleed<\/a> Open SSL<\/a> bug<\/strong> is still running rampant. Despite the initial panic<\/strong> several months ago when\u00a0Neel Mehta of\u00a0<\/span>Google’s<\/a> (GOOG<\/a>) security team discovered the major bug which put over a million web servers at risk, the threat is old news.<\/p>\n

600,000 still vulnerable to Heartbleed<\/h3>\n

\"\"<\/a>Being old news does not mean the problem’s solved according to the article. They cite security researcher Robert David Graham<\/a> who found that at least 309,197 servers<\/strong> out there on the interwebs are still vulnerable to the exploit.<\/p>\n

Immediately after the announcement, Mr. Graham found some 600,000 servers were exposed by Heartbleed. One month after the bug was announced, that number\u00a0dropped down to 318,239. In the past month, only 9,042 of those servers have been patched to block Heartbleed<\/strong>. The author says that’s cause for concern because it means that smaller sites aren’t making the effort to implement a fix.<\/p>\n

Affects the OpenSSL protocol<\/h3>\n

\"\"<\/a>The Verge<\/em> concludes that it’s likely that the lightly trod corners of the internet will remain vulnerable for many years to come<\/strong>, as sites with sub-par security standards continue to leave themselves and their users exposed. The danger is particularly real now since the exploit has been widely publicized<\/strong>. The bug, which affects the OpenSSL protocol used widely online,\u00a0can cause some serious damage \u2014\u00a0it can be exploited to give hackers encryption keys, passwords, and other sensitive information.<\/p>\n

rb-<\/em><\/strong><\/p>\n

I mean who do all these people think they are the NSA<\/a>?<\/em><\/p>\n

CNET<\/a> has kept a running list<\/a> of where you should change your password<\/strong> due to Heartbleed.<\/em><\/p>\n

    \n
  1. Google<\/a> (GOOG<\/a>)<\/em><\/li>\n
  2. Facebook<\/a> (FB<\/a>)<\/em><\/li>\n
  3. YouTube<\/a><\/em><\/li>\n
  4. Yahoo<\/a> (YHOO<\/a>)<\/em><\/li>\n
  5. Wikipedia<\/a><\/em><\/li>\n
  6. Bing<\/a><\/em><\/li>\n
  7. Pinterest<\/a><\/em><\/li>\n
  8. Instagram<\/a><\/em><\/li>\n
  9. Tumblr<\/a><\/em><\/li>\n
  10. ESPN<\/a><\/em><\/li>\n
  11. NetFlix<\/a><\/em><\/li>\n
  12. Weather.com<\/a><\/em><\/li>\n
  13. Dropbox<\/a><\/em><\/li>\n
  14. AT&T<\/a> (T<\/a>)<\/em><\/li>\n
  15. OKCupid<\/a><\/em><\/li>\n<\/ol>\n
    Related articles<\/h6>\n