People no longer bothering to patch Heartbleed, researcher says

Security

by Jimmy Nicholls | 23 June 2014

Should we be worried thousands of systems are still vulnerable?

A mass scan checking whether computer systems are still vulnerable to Heartbleed has revealed people are no longer bothering to patch the bug, according to a researcher from Errata Security.

Robert Graham found that the number of machines at risk had barely fallen last month from 300,000 when he performed a widespread scan of port 443, the port used by the secure web protocol HTTPS.

He said: "This indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced."

When the Heartbleed bug was first revealed, a similar scan showed 600,000 systems were vulnerable to it out of more than 28 million with an SSL connection.

"Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable," he added.

Asked whether he had contacted any of the website owners affected, he said: "Of course I'm not reaching out to them. It would cause more problems than it would solve."

Security researchers have long predicted that the repercussions of Heartbleed would take time to play out, with Hugh Thompson of security firm Blue Coat telling CBR last month that the vulnerability would have "a very long tail".

The bug allows hackers to listen in on conversations between computers during the digital handshake between clients and servers, also known as a heartbeat.

Backed by companies such as Microsoft, Amazon and Facebook, the Linux Foundation is currently working to improve the security technology, used by many of the biggest websites in the world.
