The massive security vulnerability known as “Heartbleed” dominated headlines for most of April, but more than 300,000 servers are still susceptible to Heartbleed, according to Errata Security researcher Robert David Graham (via ZDNet).
Heartbleed is a vulnerability in the software that encrypts the channel between your web browser and a website. It leaves your communication open to potential attackers looking for information linked to banks, e-commerce sites, and other places around the web that use your identifying information.
The Heartbleed bug remained hidden in the OpenSSL software that secures web communications for years, until it was first discovered on April 1 by Neel Mehta of Google’s security team.
When Heartbleed was initially announced, Graham said there were about 615,268 servers vulnerable to the bug. A month later, he found only 318,239 vulnerable servers, meaning about half of the servers exposed to Heartbleed had been patched. But Graham’s most recent findings, announced Saturday, show 309,197 servers still vulnerable, which is a bit troubling:
“This indicates people have stopped even trying to patch,” Graham said. “We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable. I’ll scan again next month, then at the 6 month mark, and then yearly after that to track the progress.”
Until more servers are patched, here’s what you can do to keep yourself and your data protected while on the Web: