Security researcher Robert Graham of Errata Security notes that 309,197 servers are still at risk, though it has gone down from the 600,000 systems found when Heartbleed was first announced in April.
“This indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced,” wrote Graham via blog post. “Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.”
Additionally, Graham also stated that he will continue to scan on port 443 next month, again in six months, and then yearly to “track the progress” of the amount of vulnerable websites.
Researchers with Google and security firm Codenomicon first discovered the Heartbleed bug in the OpenSSL software, a free encryption tool used by two-thirds of Internet servers, in early April.
The vulnerability allows hackers to easily access sensitive information such as passwords, Social Security numbers, healthcare data, bank information, and credit cards.
By the end of April, the top 1,000 sites in the world have responded to the bug and secured their sites.
|Steadfast Colocation, Support | Chicago and New Jersey|
- Three locations: Two in downtown Chicago, one in Edison, New Jersey
- 100% Uptime SLA in Tier II and Tier III data centers
- Multiple carrier options available
- Meets regulatory compliance: SSAE16 and SAS70 audited
- Management Available, allowing more time for your core business
- Heartbleed Bug Poses Serious Threat To Internet Servers
- Use Webmin to Check and Update OpenSSL to Fix Heartbleed
- The Linux Foundation Aims To Prevent Future Heartbleed Bugs With Its Core Infrastructure Initiative
- HealthCare.gov Users Urged To Change Passwords Due To Heartbleed Bug
- Coviant Software Confirms No Heartbleed Bug in Diplomat Managed File Transfer Products