Atlanta - UPI
More than half of servers affected by the Heartbleed bug, 309,197 in total, are still vulnerable despite the frantic server patching by companies since April.
Security researcher Robert David Graham from Errata Security found that once the Heartbleed bug was discovered by Google and Codenomicon, nearly 600,000 servers were found to be affected by the bug. Despite the security risk, more than half the servers still remain susceptible, and Graham said that he is not confident all of them will be patched.
"Even a decade from now, I still expect to find thousands of systems, including critical ones, still vulnerable," he said.
In the last month only 9,042 new servers have been patched, suggesting that people have stopped trying to patch systems. The number of vulnerable systems should decline as older systems are replaced.
The Heartbleed bug, discovered in April, impacted OpenSSL and, if exploited, could allow hackers access to account login details and passwords. What made Heartbleed unique was that it was built into OpenSSL itself, open source software that is used by thousands of websites. The bug led to widespread panic across the world, prompting major tech companies to launch an effort to secure their sites.
Graham said that he would continue to run scans and update the number of servers that have patched the flaw. While web users who access sites that have not patched the glitch can't do anything to patch the site, they can protect themselves by changing their passwords on such sites. They can use McAfee's free tracker to check if sites they use are secure or not.