(Ping! Zine Web Tech Magazine) – It’s been almost three months since the OpenSSL bug known as Heartbleed was discovered, and yet there are still hundreds of thousands of systems vulnerable to attacks.
Security researcher Robert Graham of Errata Security reported last week that 309,197 servers are still at risk, down from the 318,239 systems found last month.
“This indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced,” wrote Graham in a blog post. “Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.”
Additionally, Graham noted that he will continue to scan on port 443 in July, again in September, and then yearly to “track the progress” of the number of vulnerable websites.
Heartbleed was discovered in the OpenSSL software in April by researchers with Google and security firm Codenomicon.
The vulnerability allows hackers to easily access sensitive information such as passwords, Social Security numbers, healthcare data, bank information, and credit cards.
By the end of April, the top 1,000 sites in the world had responded to the bug and secured their sites.