Heartbleed flaw still a threat to more than 300,000 servers

23 Jun 2014
Heartbleed has created problems across the web world

More than 300,000 web servers remain at risk from the Heartbleed OpenSSL flaw, two and a half months since it was first uncovered.

Errata Security said a simple scan of servers found that only 9,000 had been patched since it last ran a test a month ago, as Robert Graham, a security researcher at the firm, explained.

“When the Heartbleed vulnerability was announced, we found 600,000 systems vulnerable. A month later, we found that half had been patched, and only 318,239 were vulnerable. Last night, now slightly over two months after Heartbleed, we scanned again, and found 309,197 still vulnerable,” he said.

Graham said that as press coverage of Heartbleed became less extensive, interest in or awareness of patching systems appears to have dropped off.

“This indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.”

Graham said he would continue to run a scan of systems, with one planned for next month, then at the six-month and year mark to see how the number had fallen.

The Heartbleed bug led to much soul-searching in the security community as experts wondered how such a major issue could have lain dormant for so long. Tech firms then stumped up more funding to help the Linux Foundation hire two full-time members of staff to work on the OpenSSL standard.

Since the Heartbleed flaw came to light, another major OpenSSL flaw has been uncovered after remaining hidden for 16 years, with the Linux Foundation warning that more flaws could come to light as scrutiny of OpenSSL increases.

Dan Worth
