It's been about 2 ½ months since the discovery of the Heartbleed vulnerability, and most of the sites you use every day have since been patched. All the major social networks—plus popular services from giants like Google, Apple, and Microsoft—acted quickly to fix the problem. But there's another side of the Internet, a less secure and seedier side. It's also a big side. According to a new report, 300,000 websites still haven't been patched against Heartbleed.
Robert Graham at Errata Security reports that 318,239 sites were still vulnerable at the beginning of May and 309,197 systems remain at risk. Back in April, when Heartbleed came to light, Graham found 615,268 sites at risk. It seems like the patching craze is tapering off, and the sites that are left are not going to be patched anytime soon—if at all.
Graham plans to check the number again next month and in September at the six-month anniversary of Heartbleed. He writes:
This [number] indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.
In the comments on his post, Graham notes that he has decided not the publish the list of sites that are still vulnerable because he doesn't want to make it even easier for hackers to know which sites to target with Heartbleed attacks. Though your favorite sites are probably safe, it’s important to keep in mind as you amble around the Internet that poorly maintained sites could still be at risk.
TODAY IN SLATE
Justice Ginsburg’s Crucial Dissent in the Texas Voter ID Case
The Jarring Experience of Watching White Americans Speak Frankly About Race
How Facebook’s New Feature Could Come in Handy During a Disaster
The Most Ingenious Teaching Device Ever Invented
Sprawl, Decadence, and Environmental Ruin in Nevada
You Should Be Able to Sell Your Kidney
Or at least trade it for something.
- Texas Lab Worker on Cruise Tests Negative for Ebola as Dallas Hospital Apologizes
- Police Use Tear Gas to Break Up College Pumpkin Festival Turned Violent
- Racist Rancher Cliven Bundy Challenges Eric Holder in Bizarre Campaign Ad
- Supreme Court Allows Texas Law That Accepts Handgun Permits but not College IDs to Vote
An All-Female Mission to Mars
As a NASA guinea pig, I verified that women would be cheaper to launch than men.