Sucuri Security: Most Sites Have Fixed Heartbleed Flaw
The world's top 1,000 websites have protected their servers against the Heartbleed security flaw, according to Sucuri Security. However, up to 2 percent of the top 1 million websites across the globe were still vulnerable as of last week.
April 21, 2014
The world’s top 1,000 websites are now protected against the Heartbleed security flaw, according to Sucuri Security, a California-based Web monitoring and malware cleanup services provider. However, Sucuri said that thousands of websites are still vulnerable to Heartbleed.
According to Sucuri, of the top 10,000 websites, 0.53 percent were vulnerable, as were 1.5 percent of the top 100,000 and 2 percent of the top 1 million.
Daniel Cid, Sucuri’s Chief Technology Officer, told Computerworld that all of the top 1,000 websites (ranked by Web traffic data provider Alexa Internet) were either immune or had been patched with the newest OpenSSL libraries.
In addition, Cid noted that Sucuri has yet to find out whether sites have been reissued new certificates, but he said that he’ll find out soon enough.
“I bet the results will be much much worse on that one,” Cid told Computerworld.
Google (NASDAQ: GOOG) and Finnish security firm Codenomicon released details about Heartbleed earlier this month. Here’s how Google and Codenomicon describe the Heartbleed security flaw on the dedicated Heartbleed website:
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
Heartbleed has affected many managed service providers (MSPs) and their customers. And as the Heartbleed website points out, “as long as the vulnerable version of OpenSSL is in use, it can be abused.”
Several online tools are available to detect Heartbleed-vulnerable sites, including a free online service from Qualys and Heartbleed vulnerability assessments from CloudPassage with CloudPassage Halo.