300,000 Websites Still Haven’t Patched Against Heartbleed

The Citizen's Guide to the Future
June 23 2014 4:45 PM

300,000 Websites Still Haven’t Patched Against Heartbleed

Vulnerable Heartbleed sites still lurk in the shadows of the Internet.

Logo by Codenomicon.

It's been about 2 ½ months since the discovery of the Heartbleed vulnerability, and most of the sites you use every day have since been patched. All the major social networks—plus popular services from giants like Google, Apple, and Microsoft—acted quickly to fix the problem. But there's another side of the Internet, a less secure and seedier side. It's also a big side. According to a new report, 300,000 websites still haven't been patched against Heartbleed.

Robert Graham at Errata Security reports that 318,239 sites were still vulnerable at the beginning of May and 309,197 systems remain at risk. Back in April, when Heartbleed came to light, Graham found 615,268 sites at risk. It seems like the patching craze is tapering off, and the sites that are left are not going to be patched anytime soon—if at all.


Graham plans to check the number again next month and in September at the six-month anniversary of Heartbleed. He writes:

This [number] indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.

In the comments on his post, Graham notes that he has decided not the publish the list of sites that are still vulnerable because he doesn't want to make it even easier for hackers to know which sites to target with Heartbleed attacks. Though your favorite sites are probably safe, it’s important to keep in mind as you amble around the Internet that poorly maintained sites could still be at risk.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.


Sports Nut

Grandmaster Clash

One of the most amazing feats in chess history just happened, and no one noticed.

The Extraordinary Amicus Brief That Attempts to Explain the Wu-Tang Clan to the Supreme Court Justices

Amazon Is Officially a Gadget Company. Here Are Its Six New Devices.

How Much Should You Loathe NFL Commissioner Roger Goodell?

Here are the facts.

Amazon Is Officially a Gadget Company


The Human Need to Find Connections in Everything

It’s the source of creativity and delusions. It can harm us more than it helps us.


How to Order Chinese Food

First, stop thinking of it as “Chinese food.”

Scotland Is Inspiring Secessionists Across America

You Shouldn’t Spank Anyone but Your Consensual Sex Partner

Sept. 17 2014 5:10 PM The Most Awkward Scenario in Which a Man Can Hold a Door for a Woman
  News & Politics
Sept. 18 2014 10:42 AM Scalia’s Liberal Streak The conservative justice’s most brilliant—and surprisingly progressive—moments on the bench.
Business Insider
Sept. 17 2014 1:36 PM Nate Silver Versus Princeton Professor: Who Has the Right Models?
The Eye
Sept. 18 2014 12:47 PM How One of the Most Prolific Known Forgers in Modern History Faked Great Works of Art
  Double X
The XX Factor
Sept. 18 2014 12:03 PM The NFL Opines on “the Role of the Female”
  Slate Plus
Slate Fare
Sept. 17 2014 9:37 AM Is Slate Too Liberal?  A members-only open thread.
Sept. 18 2014 12:37 PM The Movies May Have Forgotten About Them, but Black Cowboys Are Thriving
Future Tense
Sept. 18 2014 12:46 PM The World Is Warming. So Why Is Antarctic Sea Ice Hitting Record Highs?
  Health & Science
Bad Astronomy
Sept. 18 2014 7:30 AM Red and Green Ghosts Haunt the Stormy Night
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.