Almost 200K Websites Affected by the OpenSSL HeartBleed Vulnerability…and counting!
The OpenSSL Heartbleed vulnerability was one of the biggest flaws in the Internet's history, affecting the core security of as many as two-thirds of the world's servers, i.e. half a million servers, at the time of its discovery in April 2014.
It has been more than two and a half years since the discovery of the critical OpenSSL Heartbleed vulnerability, but the flaw is still alive, as it appears that many organizations did not properly remediate this serious security glitch. According to The Hacker News, the critical bug still affects more than 199,500 systems even though 2 years and 9 months have passed, citing a new report published today on Shodan, a search engine that scans for vulnerable devices.
Heartbleed (CVE-2014-0160) was a serious bug in OpenSSL's implementation of the TLS/DTLS heartbeat extension that allowed attackers to read portions of the affected server's memory, potentially revealing users' data that the server isn't intended to reveal.
It takes roughly three steps to remediate the Heartbleed bug:
- Patching: Update your software to the latest versions of OpenSSL; thankfully almost all organizations have accomplished this step.
- Creation of New Private Keys: Creating new private keys will prevent an attacker, who already exploited the flaw before patching, from being able to spy on your encrypted.
- Reissuance of Security Certificates: This step will eliminate the ability of any attacker to spoof organizations and fool or phish their customers.
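
The three steps above can be audited per host. The following is an added example, not code from the original article or from OpenSSL: it classifies an `openssl version` banner against the upstream releases affected by CVE-2014-0160 and reports which remediation steps are still missing. The record fields (`key_fp_before`, `cert_serial_now`, and so on) and the inventory values are assumptions constructed for illustration.

```python
import re

# Upstream releases affected by CVE-2014-0160: OpenSSL 1.0.1 through 1.0.1f
# and 1.0.2-beta1. Distribution packages may backport the fix without changing
# this string, so confirm a "vulnerable" result against the package changelog.
_VERSION = re.compile(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]?)(?:-beta(\d+))?")


def openssl_is_vulnerable(banner):
    """Classify the output of `openssl version` (upstream numbering only)."""
    m = _VERSION.search(banner)
    if m is None:
        raise ValueError("unrecognised OpenSSL banner: %r" % banner)
    release = tuple(int(x) for x in m.group(1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if release == (1, 0, 1):
        return letter < "g"      # "" (plain 1.0.1) through "f"
    if release == (1, 0, 2):
        return beta == "1"       # only 1.0.2-beta1
    return False


def remediation_gaps(host):
    """Return the remediation steps a host record (hypothetical) still lacks."""
    gaps = []
    if openssl_is_vulnerable(host["openssl"]):
        gaps.append("patch")
    if host["key_fp_now"] == host["key_fp_before"]:
        gaps.append("new private key")
    if host["cert_serial_now"] == host["cert_serial_before"]:
        gaps.append("reissue certificate")
    return gaps


# Constructed inventory; fingerprints and serials are placeholders.
# web2 is patched and has a new certificate, but it was issued over the old key.
INVENTORY = [
    {"name": "web1", "openssl": "OpenSSL 1.0.1f 6 Jan 2014",
     "key_fp_before": "AA", "key_fp_now": "AA",
     "cert_serial_before": "01", "cert_serial_now": "01"},
    {"name": "web2", "openssl": "OpenSSL 1.0.1g 7 Apr 2014",
     "key_fp_before": "BB", "key_fp_now": "BB",
     "cert_serial_before": "02", "cert_serial_now": "07"},
    {"name": "web3", "openssl": "OpenSSL 1.0.1g 7 Apr 2014",
     "key_fp_before": "CC", "key_fp_now": "DD",
     "cert_serial_before": "03", "cert_serial_now": "08"},
]
```

Calling `remediation_gaps` on each record shows that a host can be patched and carry a new certificate while still using a private key that was exposed before the patch.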