Sucuri Security: Most Sites Have Fixed Heartbleed Flaw

The world's top 1,000 websites have protected their servers against the Heartbleed security flaw, according to Sucuri Security. However, up to 2 percent of the top 1 million websites across the globe were still vulnerable as of last week.

Dan Kobialka, Contributing writer

April 21, 2014

Sucuri Security said that the world's top 1,000 websites are now protected against the Heartbleed security flaw.

The world’s top 1,000 websites are now protected against the Heartbleed security flaw, according to Sucuri Security, a California-based Web monitoring and malware cleanup services provider. However, Sucuri said that thousands of websites are still vulnerable to Heartbleed.

According to Sucuri, of the top 10,000 websites, 0.53 percent were vulnerable, as were 1.5 percent of the top 100,000 and 2 percent of the top 1 million.

Daniel Cid, Sucuri’s Chief Technology Officer, told Computerworld that all of the top 1,000 websites (as ranked by Web traffic data provider Alexa Internet) were either immune or had been patched with the newest OpenSSL libraries.

In addition, Cid noted that Sucuri has yet to find out whether sites have been reissued new certificates, but he said that he’ll find out soon enough.

“I bet the results will be much much worse on that one,” Cid told Computerworld.

Google (NASDAQ: GOOG) and Finnish security firm Codenomicon released details about Heartbleed earlier this month. Here’s how Google and Codenomicon describe the Heartbleed security flaw on the dedicated Heartbleed website:

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

Heartbleed has affected many managed service providers (MSPs) and their customers. And as the Heartbleed website points out, “as long as the vulnerable version of OpenSSL is in use, it can be abused.”

Several online tools are available to detect Heartbleed-vulnerable sites, including a free online service from Qualys and Heartbleed vulnerability assessments from CloudPassage with CloudPassage Halo.

About the Author(s)

Dan Kobialka

Contributing writer, Penton Technology

Dan Kobialka is a contributing writer for MSPmentor and Talkin' Cloud. In the past, he has produced content for numerous print and online publications, including the Boston Business Journal, Boston Herald and Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State College (now Bridgewater State University). In his free time, Kobialka enjoys jogging, traveling, playing sports, touring breweries and watching football (Go Patriots!).  
