300k servers worldwide still vulnerable to Heartbleed a month after discovery

9 May 2014

Exactly one month after the Heartbleed security vulnerability was discovered, a security expert claims 300,000 servers in the world are still under threat from the bug.

Last month, researchers found a massive flaw in OpenSSL, an online encryption program used by thousands of websites worldwide that can be manipulated to send the content of a computer’s random access memory (RAM). OpenSSL is used on public-facing websites, such as Gmail, Facebook and PayPal, and it is believed that up to 17pc of the internet could be vulnerable to the bug.

Errata Security researcher Robert Graham has revealed that after scanning the internet – focusing on the port 443 of IPv4 where the vulnerability is most common – he found 318,239 systems that are still vulnerable to Heartbleed.

This is down from more than 600,000 a month ago.

“The numbers are a little strange,” Graham wrote in the Errata blog.

“Last month, I found 28m systems supporting SSL, but this month I found only 22m. I suspect the reason is that this time, people detected my Heartbleed ‘attacks’ and automatically firewalled me before the scan completed. Or, another problem is that I may have more traffic congestion at my ISP, which would reduce numbers. (I really need to do a better job detecting that).

“Last month, I found 1m systems supporting the ‘heartbeat’ feature (with one-third patched). This time, I found 1.5m systems supporting the ‘heartbeat’ feature, with all but the 300k patched.

“This implies to me that the first response to the bug was to disable heartbeats, then later when people correctly patched the software, heartbeats were re-enabled. Note that only OpenSSL supports heartbeats, meaning that the vast majority of SSL-supporting servers are based on software other than OpenSSL,” Graham wrote.

Tech heart image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com