Heartbleed flaw still a threat to more than 300,000 servers

23 Jun 2014
Heartbleed has created problems across the web world

More than 300,000 web servers remain at risk from the Heartbleed OpenSSL flaw, two and a half months since it was first uncovered.

Errata Security said that a simple scan of servers found only 9,000 had been patched since its last test a month ago, as Robert Graham, a security researcher at the firm, explained.

“When the Heartbleed vulnerability was announced, we found 600,000 systems vulnerable. A month later, we found that half had been patched, and only 318,239 were vulnerable. Last night, now slightly over two months after Heartbleed, we scanned again, and found 309,197 still vulnerable,” he said.

Graham said that as press coverage of Heartbleed became less extensive, interest in or awareness of patching systems appears to have dropped off.

“This indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.”

Graham said he would continue to scan systems, with one scan planned for next month and further scans at the six-month and one-year marks, to see how the number had fallen.

The Heartbleed bug led to much soul-searching in the security community as experts wondered how such a major issue could have lain dormant for so long. Tech firms then stumped up more funding to help the Linux Foundation hire two full-time members of staff to work on the OpenSSL standard.

Since the Heartbleed flaw came to light, another major OpenSSL flaw has been uncovered after remaining hidden for 16 years, with the Linux Foundation warning that more flaws could come to light as scrutiny of OpenSSL increases.

Dan Worth