Almost three months and thousands of fixes later, more than 300,000 systems are still vulnerable to the Heartbleed bug.
Robert Graham of Errata Security revealed on Saturday that a recent scan found that 309,197 servers are still exposed. “This indicated people have stopped even trying to patch,” Graham wrote in a blog post.
Following the April discovery of the OpenSSL bug—which leaves encrypted data open to scammers—panic ensued as websites around the world patched their systems to avoid a breach.
At the time of the Heartbleed announcement, Errata found 600,000 vulnerable systems, which dwindled to half that number within the first month. But now, almost three months after the announcement, at least 300,000 sites are still at risk.
“We should see a slow decrease over the next decade as older systems are slowly replaced,” according to Graham, though he’s not confident that all 309,000 will be patched.
“Even a decade from now, I still expect to find thousands of systems, including critical ones, still vulnerable,” he said.
Graham said he will run another scan next month, and again in six months, and yearly thereafter “to track the progress.”
SOURCE: STEPHANIE MLOT