Only eight of the 500 most popular sites in the Netherlands appear to be vulnerable to Heartbleed, the critical OpenSSL bug. Administrators worldwide are rushing to patch their systems. Updating is expected to be a problem especially for routers used by home users.
An inventory by Tweakers shows that eight of the Alexa Top 500 most visited sites from the Netherlands are susceptible to the OpenSSL bug that was announced Tuesday. How many sites were initially vulnerable is not known.
Netcraft calculated that approximately 17.5 percent of all SSL sites worldwide, half a million in total, would initially have been vulnerable. Although more than 66 percent of servers worldwide run Apache or Nginx, and thus OpenSSL, by no means every site uses https. Almost all major sites and services, such as Google, Yahoo, Facebook and Microsoft, had already been updated when the bug was announced, or were trying to do so. Yahoo still remained vulnerable for a relatively long time on Tuesday, as shown by, among other things, a blog post from Fox-IT, and dozens of other sites in the Alexa Top 1000 of globally popular sites, such as Kickass Torrents, OKCupid, XDA Developers, Otto.nl and WeTransfer, were vulnerable.
Administrators of smaller sites are also much slower to update, and this is especially serious for shops. In a quick survey of large to medium-sized webshops, Tweakers found fifteen vulnerable sites, which can thus leak customer information such as credit card numbers.
In addition, the so-called Heartbleed bug is expected to have consequences for routers. Home users in particular have no idea whether their modem-router is vulnerable, writes The Register. Even if they do know, they depend on the vendor for a firmware upgrade, and older devices will probably no longer be updated.
The Heartbleed bug became known on Tuesday. The bug is in OpenSSL, which many services worldwide use for the SSL encryption of their sites. The bug is in the "heartbeat" extension, which allows computers to send a message to verify that the system on the other side of the SSL connection is still online and can respond.
It turned out to be possible to craft a malicious heartbeat message that persuades a server to give up the contents of its memory. This could expose passwords and credit card details, among other things. Reportedly, little technical knowledge is required to exploit the vulnerability, and the flaw is said to have been in the software for two years.
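The bounds check a heartbeat responder needs before echoing a message back, as an added example that is not from the original article or from OpenSSL. The message layout (1-byte type, 2-byte payload length, at least 16 bytes of padding) follows RFC 6520; `hb_build_response` is a hypothetical helper and the sample messages are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1   /* heartbeat_request  (RFC 6520) */
#define HB_RESPONSE    2   /* heartbeat_response (RFC 6520) */
#define HB_HEADER_LEN  3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PADDING 16  /* RFC 6520: at least 16 bytes of padding */

/* Constructed samples: an honest 4-byte payload, and a 16384-byte claim
 * carried in a message that holds no payload at all. */
static const uint8_t sample_ok[23]  = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t sample_bad[19] = {HB_REQUEST, 0x40, 0x00};
static uint8_t sample_out[64];

/* Hypothetical helper: build the echo for one received heartbeat message.
 * msg/msg_len is what actually arrived on the wire. Returns the response
 * length, or 0 when the message must be silently discarded. */
size_t hb_build_response(const uint8_t *msg, size_t msg_len,
                         uint8_t *out, size_t out_cap)
{
    if (msg == NULL || out == NULL) return 0;
    /* Too short to hold even an empty payload plus minimum padding. */
    if (msg_len < HB_HEADER_LEN + HB_MIN_PADDING) return 0;
    if (msg[0] != HB_REQUEST) return 0;

    /* Length the sender claims: peer-controlled, so never trusted alone. */
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    /* The decisive check: the claim must fit inside the bytes received,
     * otherwise the copy below would read past the message into memory. */
    if (claimed > msg_len - HB_HEADER_LEN - HB_MIN_PADDING) return 0;

    size_t resp_len = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (resp_len > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = msg[1]; out[2] = msg[2];   /* echo the validated length */
    memcpy(out + HB_HEADER_LEN, msg + HB_HEADER_LEN, claimed);
    /* Zero padding keeps this sketch deterministic; RFC 6520 asks for random. */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);
    return resp_len;
}

int main(void)
{
    size_t ok  = hb_build_response(sample_ok, sizeof sample_ok, sample_out, sizeof sample_out);
    size_t bad = hb_build_response(sample_bad, sizeof sample_bad, sample_out, sizeof sample_out);
    printf("honest request: %zu-byte reply; oversized claim: %zu (discarded)\n", ok, bad);
    return 0;
}
```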