The so-called Heartbleed flaw, a vulnerability in the widely used OpenSSL cryptographic library, was disclosed two months ago, yet over 300,000 Internet-connected systems remain unprotected against attacks that exploit the bug. When security researchers scanned web servers and other connected devices shortly after the disclosure, they found roughly 600,000 affected systems.

A month after the bug was disclosed, over 300,000 systems were still vulnerable, and that number has barely changed over the last 30 days, which suggests that the remaining operators are not patching at all. The researchers expect only a slow decline over the next decade as older systems are gradually replaced, and even then thousands of vulnerable systems will likely remain online.

Security specialists remind administrators that Heartbleed is fixed by updating OpenSSL to a patched release, either by following the links on the project's official site or by installing the operating system vendor's updated package. Updating the library is not enough on its own: a system that was exposed may already have had its private keys read out of memory, so the keys should be regenerated, new certificates issued, and the old certificates revoked. Passwords and session tokens that passed through a vulnerable server should be treated as compromised as well.

The problem is that the servers behind many popular websites were vulnerable, and data on a handful of sites is known to have been compromised through Heartbleed, but other devices are exposed too if left unpatched: CCTV cameras, webcams, baby monitors and mobile apps. The bug lets an attacker extract data straight from a vulnerable system's memory, private encryption keys included, by sending a malformed request that tricks the software into returning far more data than the request actually carried.
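To make the mechanism concrete, here is an added example (not OpenSSL's code, and not from the researchers cited above) that models the TLS heartbeat handling in a few dozen lines of C. A heartbeat request carries a 16-bit payload length chosen by the peer; the vulnerable handler copies that many bytes back without checking that the received record is actually that long, so whatever follows the record in memory is echoed to the attacker. The "process memory", the 21-byte request claiming a 40-byte payload, and the secret placed after it are all constructed for the demonstration; the function names are my own. In the real bug the claimed length can be up to 65,535 bytes per request, and the request can be repeated indefinitely.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16   /* a heartbeat record carries at least 16 bytes of padding */

/*
 * Vulnerable handler: trusts the 16-bit payload_length sent by the peer and
 * copies that many bytes from the received record into the response, even
 * when the record is shorter. Whatever sits after the record in memory is
 * sent back to the peer.
 */
size_t heartbeat_vulnerable(const uint8_t *record, size_t record_len,
                            uint8_t *out, size_t out_cap)
{
    if (record_len < 3 || record[0] != HB_REQUEST)
        return 0;
    uint16_t payload_len = (uint16_t)((record[1] << 8) | record[2]);
    if ((size_t)payload_len + 3 > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = record[1];
    out[2] = record[2];
    /* Missing check: payload_len is never compared with record_len. */
    memcpy(out + 3, record + 3, payload_len);
    return 3 + (size_t)payload_len;
}

/*
 * Fixed handler: discard any request whose claimed payload plus padding does
 * not fit inside the record that was actually received (RFC 6520 requires
 * an oversized heartbeat to be silently dropped).
 */
size_t heartbeat_fixed(const uint8_t *record, size_t record_len,
                       uint8_t *out, size_t out_cap)
{
    if (record_len < 1 + 2 + HB_PADDING || record[0] != HB_REQUEST)
        return 0;
    uint16_t payload_len = (uint16_t)((record[1] << 8) | record[2]);
    if (1 + 2 + (size_t)payload_len + HB_PADDING > record_len)
        return 0;
    if ((size_t)payload_len + 3 > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = record[1];
    out[2] = record[2];
    memcpy(out + 3, record + 3, payload_len);
    return 3 + (size_t)payload_len;
}

/* Constructed secret that happens to sit in memory right after the request. */
#define SECRET "-----BEGIN PRIVATE KEY----- (constructed, not a real key)"

/* Builds constructed "process memory": a 21-byte request whose header claims
 * a 40-byte payload, followed immediately by SECRET. Returns the number of
 * bytes that were really received (21). */
static size_t build_memory(uint8_t *mem, size_t cap)
{
    memset(mem, 0, cap);
    mem[0] = HB_REQUEST;
    mem[1] = 0x00; mem[2] = 0x28;       /* claimed payload length: 40 */
    memcpy(mem + 3, "hi", 2);           /* actual payload: 2 bytes */
    memset(mem + 5, 0xAA, HB_PADDING);  /* 16 bytes of padding */
    memcpy(mem + 5 + HB_PADDING, SECRET, strlen(SECRET));
    return 5 + HB_PADDING;
}

/* Returns 1 if needle occurs anywhere in buf[0..len). */
static int contains(const uint8_t *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0) return 1;
    return 0;
}

/* 1 if the vulnerable handler echoes the secret back to the peer. */
int demo_vulnerable_leaks(void)
{
    uint8_t mem[96], out[96];
    size_t received = build_memory(mem, sizeof mem);
    size_t n = heartbeat_vulnerable(mem, received, out, sizeof out);
    return n == 43 && contains(out, n, "PRIVATE KEY");
}

/* 1 if the fixed handler drops the malformed request. */
int demo_fixed_refuses(void)
{
    uint8_t mem[96], out[96];
    size_t received = build_memory(mem, sizeof mem);
    return heartbeat_fixed(mem, received, out, sizeof out) == 0;
}

/* 1 if the fixed handler still answers an honest 2-byte heartbeat. */
int demo_fixed_answers_honest(void)
{
    uint8_t mem[96], out[96];
    size_t received = build_memory(mem, sizeof mem);
    mem[2] = 0x02;                      /* honest payload length */
    size_t n = heartbeat_fixed(mem, received, out, sizeof out);
    return n == 5 && memcmp(out + 3, "hi", 2) == 0;
}

int main(void)
{
    printf("vulnerable handler leaks secret: %d\n", demo_vulnerable_leaks());
    printf("fixed handler refuses request:   %d\n", demo_fixed_refuses());
    printf("fixed handler answers honest:    %d\n", demo_fixed_answers_honest());
    return 0;
}
```

The demonstration keeps the over-read inside a buffer it owns so it runs cleanly; on a real server the same copy walks into whatever heap memory follows the record, which is why keys, passwords and session cookies all turned up in Heartbleed responses.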

Some believed that Heartbleed was a virus, but it is simply a weakness in the OpenSSL code, a missing bounds check, that attackers can exploit: it does not spread on its own and has to be used against each target. People have grown used to automatic updates and no longer expect to intervene in a system by hand; for many admins, manual patching has become an unusual experience.

Many Linux distributions also shipped the flawed code. Security outfits point out that any system built from one of those releases remains vulnerable until its OpenSSL package is updated. As a result, a large share of the machines still exposed probably belong to big hosting companies: many providers of shared Linux hosting have not applied the update, apparently because they assume their Linux systems are secure without any intervention.