Need help? Chat now!
Search results for:
According to an article recently published on the Web Host Industry Review website, security researchers report that "more than 300,000 servers_" remain "_vulnerable to the Heartbleed bug_" – two months after its existence was first announced. The article indicates that the research team at Errata Security has found hundreds of thousands of servers are open to attack. According to information in the report, Errata confirmed that the amount of "_vulnerable systems_" has remained "_steady since a month ago." Unfortunately, this data suggests the individuals responsible for maintaining these servers have "_stopped trying to patch_", according to the report.
A statement from Errata noted in the article that there would be a "slow decrease over the next decade as older systems are replaced_" and over the next ten years, "_thousands of systems, including critical ones_" will be found "_still vulnerable." Errata Security's owner, Robert Graham, continued to speak about this ongoing vulnerability and was quoted in the article to say, "I suspect the reason is that this time, people detected my Heartbleed 'attacks' and automatically firewalled me before the scan completed. Or, another problem is that I may have more traffic congestion at my ISP, which would reduce numbers."
The article states that in May, Errata and Graham's team "found 1.5 million systems supporting the heartbeat feature, with all but the 300,000 infected systems patched." Graham notes that these findings and data show that those first responding to the issue "disable heartbeats, and then after people correctly patched the software, heartbeats were re-enabled." According to the article, researchers at Errata have plans to "_keep track of progress_" by scanning again, according to the report, in one month, again in six, and again annually, which will continually gather data and assist in the prevention of attacks against vulnerabilities like this in the future.
Read more in the complete article about how Heartbleed is keeping security professionals busy and measuring their level of frustration and patience.
Written by Bryon Turcotte / June 23, 2014