You can now find Cyber Kendra on Google News!

300K servers are still vulnerable to HeartBleed, After Two Months

A large number of sites are still vulnerable to Heartbleed, 300K servers are still vulnerable to HeartBleed, After Two Months, The massive security vulnerability known as... ... Heartbleed Still Affects More Than 300,000 Servers,
HeartBleed, vulnerable , OpenSSL , Google, Yahoo, Microsoft, Facebook, twitter, Amazon , eBay
Its two months after the revealed of one of the biggest vulnerability on the internet history, 'HeartBleed' . HeartBleed is one of the potential critical security vulnerability in OpenSSL has been discovered by a independent security firm Codenomicon along with the Neel Mehta a Google Security engineer, that allows an attacker to read up to 64kilobytes of memory from the server running a vulnerable OpenSSL version.

Almost every website was vulnerable to HeartBleed, including tech giants site, Google, Yahoo, Microsoft, Facebook, twitter, Amazon , eBay etc.. along with banking and financial institute sites, Government portals and other security concerns organisations site.

Earlier about 600,000 systems were vulnerable to HeartBleed. On Saturday, Errata Security’s Robert Graham, says that after a two month of the vulnerability expose, still 300,000 were still vulnerable to HeartBleed. The scan was perform on 20th June and there were 309,197 system are still vulnerable, he added.

Graham says that is not the good sign, that people are not concerns about the security, they even not trying to patch the vulnerability.

Graham added in a blog post-
“We should see a slow decrease over the next decade as older systems are slowly replaced,”  “Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.”
If you are using OpenSSL on your business then it is recommend to patch the vulnerability. As HeartBleed is on of critical vulnerability in the internet history, which can expose the inside data of your organisation system.

You all can simply patch the HeartBleed by following guidelines provided on the OpenSSL page.   If you are  still running vulnerable systems should update their encryption keys too, as they may have already been stolen.

You should mainly check for the HeartBleed if you are hosting your site on the shared hosting. As Shared hosting sites are comparatively cheaper then the dedicated hosting and many of these systems are not created with security in mind - they are very cheap, meant for low budget websites, and the hosting company doesn't care much about the data on them.

Post a Comment