It’s been two months since the Heartbleed bug was discovered by a Google engineer. Businesses and websites scrambled to patch the vulnerability, but more than 300,000 servers remain vulnerable to it.
What’s the Heartbleed bug? It’s a security vulnerability that impacts OpenSSL. If a hacker exploits the bug on a server that hasn’t been patched, account details such as usernames and passwords can easily be compromised.
David Graham, a security researcher for Errata Security, took a look at how many servers were at risk shortly after the Heartbleed bug was made public. Two months ago, the number stood at nearly 600,000. One month ago, 318,239 servers were still at risk. Today, that number stands at 309,197 servers.
People have pretty much stopped trying to patch systems. Some of this could be ignorance of the situation by server owners. Some could be forgotten websites that aren’t being updated anymore.
What does this mean for you? Any major site that was affected quickly patched the problem months ago. Still worried? Use McAfee’s free checker to double-check any sites you frequent.
Graham expects the Heartbleed vulnerability to persist in the future. “Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable,” Graham says.
Graham plans to release another server count next month, then at 6 months and yearly after that.