

Heartbleed flaw still a threat to more than 300,000 servers

23 Jun 2014
Heartbleed has created problems across the web world

More than 300,000 web servers remain at risk from the Heartbleed OpenSSL flaw, two and a half months since it was first uncovered.

Errata Security said a simple scan of servers found that only 9,000 had been patched since it last ran a test a month ago, as Robert Graham, a security researcher at the firm, explained.

“When the Heartbleed vulnerability was announced, we found 600,000 systems vulnerable. A month later, we found that half had been patched, and only 318,239 were vulnerable. Last night, now slightly over two months after Heartbleed, we scanned again, and found 309,197 still vulnerable,” he said.

Graham said that as press coverage of Heartbleed tailed off, interest in or awareness of patching systems appears to have dropped off as well.

“This indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.”

Graham said he would continue to scan systems, with one scan planned for next month and others at the six-month and one-year marks, to see how far the number had fallen.

The Heartbleed bug led to much soul-searching in the security community as experts wondered how such a major issue could have lain dormant for so long. Tech firms then stumped up more funding to help the Linux Foundation hire two full-time members of staff to work on the OpenSSL standard.

Since the Heartbleed flaw came to light, another major OpenSSL flaw has been uncovered after remaining hidden for 16 years, with the Linux Foundation warning that more flaws could come to light as scrutiny of OpenSSL increases.

Dan Worth