Security researchers report that “more than 300,000 servers” remain “vulnerable to the Heartbleed bug” two months after its existence was first announced, according to an article recently published on the Web Host Industry Review website. The article indicates that the research team at Errata Security has found that hundreds of thousands of servers are open to attack. According to the report, Errata confirmed that the number of “vulnerable systems” has remained “steady since a month ago.” Unfortunately, this data suggests that the individuals responsible for maintaining these servers have “stopped trying to patch.”
A statement from Errata quoted in the article noted that there will be a “slow decrease over the next decade as older systems are replaced” and that over the next 10 years “thousands of systems, including critical ones” will be found “still vulnerable.” Errata Security’s owner, Robert Graham, continued to speak about this ongoing vulnerability and was quoted in the article as saying, “I suspect the reason is that this time, people detected my Heartbleed ‘attacks’ and automatically firewalled me before the scan completed. Or, another problem is that I may have more traffic congestion at my ISP, which would reduce numbers.”
The article states that in May Errata and Graham’s team “found 1.5 million systems supporting the heartbeat feature, with all but the 300,000 infected systems patched.” Graham notes that these findings show that those first responding to the issue “disable heartbeats, and then after people correctly patched the software, heartbeats were re-enabled.” According to the article, researchers at Errata plan to “keep track of progress” by scanning again in one month, again in six, and again annually, which will continually gather data and assist in the prevention of attacks against vulnerabilities like this in the future.