300,000 Websites Still Haven’t Patched Against Heartbleed

The Citizen's Guide to the Future
June 23 2014 4:45 PM


Vulnerable Heartbleed sites still lurk in the shadows of the Internet.


It's been about 2 ½ months since the discovery of the Heartbleed vulnerability, and most of the sites you use every day have since been patched. All the major social networks—plus popular services from giants like Google, Apple, and Microsoft—acted quickly to fix the problem. But there's another side of the Internet, a less secure and seedier side. It's also a big side. According to a new report, 300,000 websites still haven't been patched against Heartbleed.

Robert Graham at Errata Security reports that 318,239 sites were still vulnerable at the beginning of May and 309,197 systems remain at risk. Back in April, when Heartbleed came to light, Graham found 615,268 sites at risk. It seems like the patching craze is tapering off, and the sites that are left are not going to be patched anytime soon—if at all.


Graham plans to check the number again next month and in September at the six-month anniversary of Heartbleed. He writes:

This [number] indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.

In the comments on his post, Graham notes that he has decided not to publish the list of sites that are still vulnerable because he doesn't want to make it even easier for hackers to know which sites to target with Heartbleed attacks. Though your favorite sites are probably safe, it’s important to keep in mind as you amble around the Internet that poorly maintained sites could still be at risk.

Future Tense is a partnership of Slate, New America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.


