300,000 Websites Still Haven’t Patched Against Heartbleed

Future Tense
The Citizen's Guide to the Future
June 23 2014 4:45 PM

300,000 Websites Still Haven’t Patched Against Heartbleed

Vulnerable Heartbleed sites still lurk in the shadows of the Internet.

Logo by Codenomicon.

It's been about 2 ½ months since the discovery of the Heartbleed vulnerability, and most of the sites you use every day have since been patched. All the major social networks—plus popular services from giants like Google, Apple, and Microsoft—acted quickly to fix the problem. But there's another side of the Internet, a less secure and seedier side. It's also a big side. According to a new report, 300,000 websites still haven't been patched against Heartbleed.

Robert Graham at Errata Security reports that 318,239 sites were still vulnerable at the beginning of May and 309,197 systems remain at risk. Back in April, when Heartbleed came to light, Graham found 615,268 sites at risk. It seems like the patching craze is tapering off, and the sites that are left are not going to be patched anytime soon—if at all.


Graham plans to check the number again next month and in September at the six-month anniversary of Heartbleed. He writes:

This [number] indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.

In the comments on his post, Graham notes that he has decided not the publish the list of sites that are still vulnerable because he doesn't want to make it even easier for hackers to know which sites to target with Heartbleed attacks. Though your favorite sites are probably safe, it’s important to keep in mind as you amble around the Internet that poorly maintained sites could still be at risk.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.


Justice Ginsburg’s Crucial Dissent in the Texas Voter ID Case

The Jarring Experience of Watching White Americans Speak Frankly About Race

How Facebook’s New Feature Could Come in Handy During a Disaster

The Most Ingenious Teaching Device Ever Invented

Sprawl, Decadence, and Environmental Ruin in Nevada

View From Chicago

You Should Be Able to Sell Your Kidney

Or at least trade it for something.

Space: The Next Generation

An All-Female Mission to Mars

As a NASA guinea pig, I verified that women would be cheaper to launch than men.

Terrorism, Immigration, and Ebola Are Combining Into a Supercluster of Anxiety

The Legal Loophole That Allows Microsoft to Seize Assets and Shut Down Companies

  News & Politics
Oct. 19 2014 1:05 PM Dawn Patrol Justice Ruth Bader Ginsburg’s critically important 5 a.m. wake-up call on voting rights.
Business Insider
Oct. 19 2014 11:40 AM Pot-Infused Halloween Candy Is a Worry in Colorado
Oct. 17 2014 5:26 PM Judge Begrudgingly Strikes Down Wyoming’s Gay Marriage Ban
  Double X
The XX Factor
Oct. 17 2014 4:23 PM A Former FBI Agent On Why It’s So Hard to Prosecute Gamergate Trolls
  Slate Plus
Slate Picks
Oct. 17 2014 1:33 PM What Happened at Slate This Week?  Senior editor David Haglund shares what intrigued him at the magazine. 
Oct. 19 2014 4:33 PM Building Family Relationships in and out of Juvenile Detention Centers
Future Tense
Oct. 17 2014 6:05 PM There Is No Better Use For Drones Than Star Wars Reenactments
  Health & Science
Space: The Next Generation
Oct. 19 2014 11:45 PM An All-Female Mission to Mars As a NASA guinea pig, I verified that women would be cheaper to launch than men.
Sports Nut
Oct. 16 2014 2:03 PM Oh What a Relief It Is How the rise of the bullpen has changed baseball.