Should we be worried thousands of systems are still vulnerable?
A mass scan checking whether computer systems are still vulnerable to Heartbleed has revealed people are no longer bothering to patch the bug, according to a researcher from Errata Security.
Robert Graham performed a widespread scan of port 443, used by the secure web protocol HTTPS, and found that the number of machines at risk had barely reduced last month from 300,000.
He said: "This indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced."
When the Heartbleed bug was first revealed, a similar scan showed that 600,000 systems, out of more than 28 million with an SSL connection, were vulnerable to it.
"Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable," he added.
Asked whether he had contacted any of the website owners affected, he said: "Of course I’m not reaching out to them. It would cause more problems than it would solve."
Security researchers have long predicted that the repercussions of Heartbleed would take time to play out, with Hugh Thompson of security firm Blue Coat telling CBR last month that the vulnerability would have "a very long tail".
The bug allows hackers to listen in on conversations between computers during the digital handshake between clients and servers, also known as a heartbeat.
Backed by companies such as Microsoft, Amazon and Facebook, the Linux Foundation is currently working to improve the security technology, used by many of the biggest websites in the world.