Security researcher Robert Graham of Errata Security notes that 309,197 servers are still at risk, though it has gone down from the 600,000 systems found when Heartbleed was first announced in April.
“This indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced,” wrote Graham via blog post. “Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.”
Additionally, Graham also stated that he will continue to scan on port 443 next month, again in six months, and then yearly to “track the progress” of the amount of vulnerable websites.
Researchers with Google and security firm Codenomicon first discovered the Heartbleed bug in the OpenSSL software, a free encryption tool used by two-thirds of Internet servers, in early April.
The vulnerability allows hackers to easily access sensitive information such as passwords, Social Security numbers, healthcare data, bank information, and credit cards.
By the end of April, the top 1,000 sites in the world have responded to the bug and secured their sites.
|Dedicated Servers | Work with Steadfast Experts|
- Steadfast experts design, implement and support your custom solution
- 100% Uptime SLA, and easy growth options for your business
- 24/7/365 onsite support; 2 hour hardware replacement
- On-demand DNS management, security assessments and antivirus protection
- 50 GB backup space included
- Heartbleed Bug Poses Serious Threat To Internet Servers
- Use Webmin to Check and Update OpenSSL to Fix Heartbleed
- The Linux Foundation Aims To Prevent Future Heartbleed Bugs With Its Core Infrastructure Initiative
- HealthCare.gov Users Urged To Change Passwords Due To Heartbleed Bug
- Coviant Software Confirms No Heartbleed Bug in Diplomat Managed File Transfer Products