Around 200,000 Systems Are Vulnerable in 2017 to Heartbleed


The OpenSSL Heartbleed vulnerability was discovered around two and a half years ago, but the flaw is still alive in many organisations.

It was one of the biggest flaws in the Internet's history, affecting the core security of as many as two-thirds of the world's servers, i.e. half a million servers, at the time of its discovery in April 2014.

However, the critical bug still affects over 200,000 systems even after 2 years and 9 months have passed, according to a new report published today on Shodan, a search engine that scans for vulnerable devices.

So what exactly is Heartbleed?
Heartbleed (CVE-2014-0160) was a serious bug in OpenSSL's implementation of the TLS/DTLS heartbeat extension that allowed intruders to read portions of the affected server's memory, potentially revealing users' data that the server isn't intended to reveal.
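The missing bounds check behind the bug, shown next to the corrected logic, as an added example that is not part of the original article and is not OpenSSL's source code. The function names are hypothetical and the sample data is constructed; the message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) follows RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_PADDING  16  /* minimum padding required by RFC 6520 */

/* Pre-fix logic: trusts the payload_length field sent by the peer. */
size_t hb_respond_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    (void)rec_len;                      /* never consulted: this is the bug */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed); /* can read past the record */
    return HB_HEADER + claimed;         /* response padding omitted for brevity */
}

/* Post-fix logic: silently discard any request whose claimed payload does
 * not fit inside the record actually received. Returns 0 on discard. */
size_t hb_respond_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    return HB_HEADER + claimed;
}

/* Constructed demo: a 19-byte request (empty payload, 16 bytes of padding)
 * that claims 32 payload bytes, followed in the same buffer by unrelated
 * data standing in for adjacent process memory. */
size_t demo(int checked, uint8_t *out)
{
    uint8_t mem[64] = {HB_REQUEST, 0x00, 0x20};
    memcpy(mem + 19, "PRIVATE-KEY-BYTES", 17);
    return checked ? hb_respond_checked(mem, 19, out)
                   : hb_respond_unchecked(mem, 19, out);
}
```

With the unchecked handler the response carries bytes that were never part of the request; the checked handler drops the same request and still answers a well-formed one.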

According to Shodan CEO John Matherly, about 200,000 services remain exploitable through the Heartbleed vulnerability due to unpatched OpenSSL instances.

The countries most affected by Heartbleed remain the United States, followed by Korea, China, Germany, France, the Russian Federation, the United Kingdom, India, Brazil and Italy.

Matherly discovered 42,032 Heartbleed-exploitable services in the United States, 15,380 in Korea, 14,116 in China, and 14,072 services in Germany.

The top organizations vulnerable to the OpenSSL bug are SK Broadband and Amazon.com, and about 75,000 of the vulnerable services use expired SSL certificates and run Linux 3.x.

However, the Heartbleed flaw is more critical and probably the biggest Internet flaw in recent history, as it left the contents of a server's memory, where the most sensitive data is stored, exposed to intruders.

To protect yourself from Heartbleed, you must ensure that your software is patched and updated, reissue security certificates, create new private keys, etc.


About S O D M Z S The Solonist
