
Heartbleed flaw still a threat to more than 300,000 servers

23 Jun 2014

More than 300,000 web servers remain at risk from the Heartbleed OpenSSL flaw, two and a half months since it was first uncovered.

Errata Security said that a simple scan of servers found only 9,000 had been patched since its previous test a month ago, as Robert Graham, a security researcher at the firm, explained.

“When the Heartbleed vulnerability was announced, we found 600,000 systems vulnerable. A month later, we found that half had been patched, and only 318,239 were vulnerable. Last night, now slightly over two months after Heartbleed, we scanned again, and found 309,197 still vulnerable,” he said.

Graham said that as press coverage of Heartbleed became less extensive, interest in or awareness of patching systems appears to have dropped off.

“This indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.”

Graham said he would continue to run a scan of systems, with one planned for next month, then at the six-month and year mark to see how the number had fallen.

The Heartbleed bug led to much soul-searching in the security community as experts wondered how such a major issue could have lain dormant for so long. Tech firms then stumped up more funding to help the Linux Foundation hire two full-time members of staff to work on the OpenSSL standard.

Since the Heartbleed flaw came to light, another major OpenSSL flaw has been uncovered after remaining hidden for 16 years, and the Linux Foundation has warned that more flaws could come to light as scrutiny of OpenSSL increases.

Dan Worth
About

Dan Worth is the news editor for V3, having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3, Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal.
