Four weeks later, HeartBleed lives on

Status
Not open for further replies.

Exterminator



Last month, a new security flaw came to light known as HeartBleed. HeartBleed is a flaw in a widely used cryptography package, and was found to affect around 600,000 servers worldwide. It could be used to acquire passwords, login info, and even encryption data. According to Ars Technica, two recent estimates show that it is still prevalent today.

As of a little more than four weeks ago, a scan performed by the CEO of Errata Security, Rob Graham, had found that about 615,268 servers were vulnerable to this attack, and on Thursday, another scan showed a little more than half the previous amount were affected: about 318,239 servers which still run the OpenSSL crypto library that enables the "Heartbeat" feature where the flaw lies encased in the code. A separate scan was also performed with somewhat varied techniques, which suggested that slightly less than half of the servers believed to be affected still remain subject to exploitation. The tool which had been used was named the TLS Prober by a researcher known as Yngve. Using this tool, he found that 5.36% of all servers were affected by HeartBleed as of April 11, only a few days after the exploit had been disclosed. In his latest blog post, he claimed that 2.33% of servers are still affected today. However, this number does not include servers which provide a VPN or email service.

Yngve had also stated that the number of servers using vulnerable encryption accelerators manufactured by F5 had not changed by much, and that the reason may be due to new F5 BigIP systems coming up that are still vulnerable to the HeartBleed attack. The researcher stated that "As BigIP servers are used by sites serving large number of users, this represents a significant security problem for those users." He added that out of the sites that have been patched in the past month, an estimated two-thirds of websites may not have revoked their old certificates to create updated versions. Ars Technica had stated that updating OpenSSL software is only the first step to closing the HeartBleed security flaw.

Source: Vivaldi via Ars Technica | Image via Bitelia
 

starchild76

I have sent huracan a PM about this; he told me jack will be notified about this! So thank you very much, huracan :) +100 for that action!!!
 

Cats-4_Owners-2

I have it on my Chrome browser now, :cool: and can :eek: see the domain warning!
I feel this could be an important security add-on (extension) for all members.
Thank you, @starchild76! :D
 