
Thousands of SMBs guilty of ignoring Heartbleed security warnings

Over 300,000 servers are still vulnerable to the Heartbleed bug, despite severe warnings issued by security researcher Robert David Graham more than a month ago.

Over the weekend, Graham found that at least 309,197 servers are still vulnerable, a decrease of only 9,042 from the 318,239 he identified a month earlier.


Graham worries that smaller businesses aren't patching vulnerable servers because Heartbleed is no longer headline news.

"This indicates people have stopped even trying to patch," he said. "We should see a slow decrease over the next decade as older systems are slowly replaced.

"Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable."

Graham plans to scan again next month, then after six months, and then yearly after that, to track how quickly the remaining servers are patched.
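For an administrator who wants to know whether their own hosts belong in Graham's count, the first check is the OpenSSL build in use. The following is an added example, not code from the article or from Graham's scanner: it classifies the banner printed by `openssl version` against the upstream releases known to carry the Heartbleed bug (1.0.1 through 1.0.1f, plus 1.0.2-beta1; 1.0.1g is the fixed release). The banners in `SAMPLE_BANNERS` are constructed for illustration.

```python
"""Classify OpenSSL version banners by Heartbleed exposure.

Added example (not from the article). Affected upstream releases:
OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1; fixed from 1.0.1g onward.
Branches before 1.0.1 never shipped the TLS heartbeat extension.
"""
import re

# Matches "OpenSSL 1.0.1e 11 Feb 2013", "OpenSSL 1.0.1e-fips ...",
# "OpenSSL 1.0.2-beta1" and similar; trailing build date is ignored.
VERSION_RE = re.compile(r"^OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-(beta\d+))?")

LAST_VULNERABLE_LETTER = "f"  # 1.0.1f is the last affected 1.0.1 release


def parse_openssl_version(banner):
    """Return (major, minor, fix, letter, beta) parsed from a version banner."""
    m = VERSION_RE.match(banner.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL banner: {banner!r}")
    major, minor, fix = (int(x) for x in m.group(1, 2, 3))
    return major, minor, fix, m.group(4), m.group(5)


def heartbleed_status(banner):
    """Return 'vulnerable', 'patched' or 'not-affected' for an upstream build.

    Caveat: distributions that backport the fix (e.g. a vendor package built
    from 1.0.1e) keep the old version string, so 'vulnerable' here means
    'verify the package changelog and restart affected services', not proof.
    """
    major, minor, fix, letter, beta = parse_openssl_version(banner)
    if (major, minor, fix) == (1, 0, 2):
        # Only the first 1.0.2 beta carried the bug.
        return "vulnerable" if beta == "beta1" else "not-affected"
    if (major, minor, fix) != (1, 0, 1):
        return "not-affected"
    # Within 1.0.1: no letter (the .1 release itself) through 'f' is affected.
    return "vulnerable" if letter <= LAST_VULNERABLE_LETTER else "patched"


def summarise(banners):
    """Count banners per status, the way a fleet inventory would be reported."""
    counts = {"vulnerable": 0, "patched": 0, "not-affected": 0}
    for b in banners:
        counts[heartbleed_status(b)] += 1
    return counts


# Constructed sample inventory for the usage below.
SAMPLE_BANNERS = [
    "OpenSSL 1.0.1e 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.0.0l 6 Jan 2014",
    "OpenSSL 1.0.2-beta1",
    "OpenSSL 0.9.8y 5 Feb 2013",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{b:32s} -> {heartbleed_status(b)}")
    print(summarise(SAMPLE_BANNERS))
```

A banner check is only a first filter: a library that has been updated on disk does nothing for a daemon that is still running the old code, so the patching step is not complete until every TLS-facing service has been restarted and, as the article's numbers suggest, that step is what many small operators are missing.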


However, recent scans have suggested that some websites may be blocking his efforts and compromising the accuracy of his study.

"The numbers are a little strange. Last month, I found 28 million systems supporting SSL, but this month I found only 22 million. I suspect the reason is that this time, people detected my Heartbleed 'attacks' and automatically firewalled me before the scan completed," he added.