Heartbleed Still A Threat To 300-Thousand Servers

Heartbleed logo on laptop

The Heartbleed bug, which was revealed in April as a serious threat to all websites using OpenSSL, has caused system administrators to scramble to update and patch servers. Even after months of work, however, a recent report found more than 300-thousand servers still vulnerable. At PC Mag, Stephanie Mlot explains why there are still websites can’t be trusted.

Errata Security conducted the scan that revealed 309,197 servers are still vulnerable to Heartbleed. That’s down from the 600-thousand vulnerable systems at the first report of the bug, but according to the security company, suggests some administrators have stopped any efforts to patch their servers. That likely means these vulnerable websites will remain until outdated technology is replaced, which could leave vulnerable servers in place for a decade.

This is a serious concern for web users because there’s nothing they can do to improve the security of these vulnerable site from their end. The best course of action is to regularly change passwords and be sure to use a unique password for each online account. Using this practice ensures that only one account is compromised if a criminal gets your log in credentials and regularly changing passwords ensures that compromised accounts won’t stay compromised for long.

If your servers haven’t been updated since news of Heartbleed broke, or you haven’t tested to see if you’re vulnerable, you’re running a significant risk.

At Geek Rescue, we handle security for both individual users and organizations. Let us be your IT team. Call us at 918-369-4335.

June 23rd, 2014