51.5% of the Servers impacted by Heart Bleed Vulnerability yet to be Patched up

Is it lack of awareness or Is it lack of understanding or Is it a lackadaisical and adhoc response to an emergency situation that has severely shaken up the Security world along the way damaging the reputation of Open Source Software?

Since the Heart Bleed security flaw was discovered 2 months ago, (Heartbleed, the greatest security flaw to hit the web) the action has been painfully slow in putting the vulnerability to rest.

When we take a corrective action post the event, we are supposed to be reactive which is less preferred compared to action prior to the event which is a preventive or proactive approach. In this case despite the warnings by the security experts about the impending threat, the action so far has been lukewarm and half-hearted.

As per Robert David Graham from Errata security, who initially announced post the discovery of the potential security foible, that 600, 000 servers are at risk, revised his list two months later to 309,197 servers . It means a whopping 51.5% of the servers identified have still not been patched up!

It is a callous attitude betrayed by the high priests of Security that leaves customers confidential and sensitive information  being vulnerable to a man in the middle attack.

It is a grave situation indeed,  as a large number of servers using the OpenSSL protocol (Which is a very popular one)  are vulnerable to the Heartbleed bug,  which causes a person with malicious intent to literally view the data passing between the client and the server and so lots of people are at risk of their information being up for grabs.

The main things to do for the server administrators would be to update OpenSSL to the latest version and also to revoke and reissue existing security certificates.

Let us hope that soon most if not all of the servers are updated soon to be safe from this vulnerability,  which some regard to be the biggest vulnerability in the history of the Internet,  affecting even giants like Google and Yahoo.


One thought on “51.5% of the Servers impacted by Heart Bleed Vulnerability yet to be Patched up”

What are your Thoughts? Speak your Mind!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s