05/12/2014 Leave a comment
by: Doug Zbikowski
It’s been over a month since the Heartbleed bug brought Internet security to the forefront of the news, and according to Errata Security’s Robert Graham, more than 300,000 servers across the globe are still vulnerable. This is a big drop from the 600,000 initially detected when the vulnerability first became public, but it’s still a large number.
After its discovery earlier this year, Heartbleed is still a serious threat because it can potentially release usernames, credit card information, passwords, and other personal data to attackers. It was determined a flaw in OpenSSL, a common tool used to encrypt and secure communication between a user to a server, is the source of this security breach.
Graham’s numbers are concerning, and they might just be the tip of the iceberg.
His testing was done by scanning port 443 (a port is a “channel” used in Internet communication that is reserved for a specific function. Port 443 is typically used for SSL traffic). There may be thousands…even millions…more servers out there using undetected alternate ports that are still unpatched. Read more of this post