From The Blog

Monday, 23 June 2014 06:57

Less than Half of Heartbleed Vulnerable Systems Patched - 309,000 Still Open

Written by

Reading time is around minutes.

Over the course of the years you have read many (many, many) articles about security. These articles have ranged from details on specific breaches to general security information. One of the big areas that we cover is the lack of motivation to maintain proper security in the cloud and also on the internet. We have talked at length about the way many businesses treat security from a planning view or even in the face of a real threat.

If you need a good example of this just take a look at the recent hubbub over Heartbleed. Although this patch is listed as critical, can result in loss of client data and even worse. Less than half of the originally reported 600,000 servers have been patched to fix this flaw. According to David Graham there was a rush to patch right after Heartbleed was announced (again). Around 280,000 servers were patched shortly after Heartbleed was announced, but since that time only about 9,000 have been patched leaving around 309,000 still exposed.

Graham fears that because Heartbleed is no longer making headlines people are not even trying to patch their systems (security by obscurity). This is not a good way to fly, while the consumer and the rest of the market might forget about a flaw or vulnerability, hackers and other malicious individuals do not. These systems are left completely open to this flaw and all that can happen with it.

Graham also says that the number of exposed systems could be much higher as companies start blocking the scan he uses to detect the vulnerable version of OpenSSL. It is sort of sad to see that many servers till unpatched when the upgrade to OpenSSL is not that difficult to perform and the down time associated with it far outweighs potential lost revenue.

Makes you wonder doesn’t it?

Discuss

Read 1928 times Last modified on Monday, 23 June 2014 07:00

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.