Earlier, about 600,000 systems were vulnerable to HeartBleed. On Saturday, Errata Security’s Robert Graham said that two months after the vulnerability was exposed, 300,000 were still vulnerable to HeartBleed. The scan was performed on 20th June and found 309,197 systems still vulnerable, he added.
Graham says that this is not a good sign: people are not concerned about security, and they are not even trying to patch the vulnerability.
Graham added in a blog post:
“We should see a slow decrease over the next decade as older systems are slowly replaced,” “Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.”
If you are using OpenSSL in your business, it is recommended that you patch the vulnerability. HeartBleed is one of the critical vulnerabilities in internet history, and it can expose the internal data of your organisation's systems.
You can patch HeartBleed by following the guidelines provided on the OpenSSL page. Anyone still running vulnerable systems should update their encryption keys too, as they may have already been stolen.
You should especially check for HeartBleed if you host your site on shared hosting. Shared hosting is comparatively cheaper than dedicated hosting, and many of these systems are not created with security in mind: they are very cheap, meant for low-budget websites, and the hosting company doesn't care much about the data on them.