Many servers still seem vulnerable to Heartbleed bug




A scan of all IPv4 addresses using the port scanner masscan found 318,000 systems susceptible to the Heartbleed bug in OpenSSL. Shortly after the vulnerability was revealed, 615,000 systems were vulnerable.

The results of researcher Robert Graham, the developer of the efficient port scanner masscan, may indicate that the number of vulnerable servers has decreased, but that cannot be said with certainty. During the port scan, which covered only HTTPS port 443, Graham found 22 million servers supporting SSL; the previous port scan found 28 million.

It could be that firewalls blocked Graham's attempts to test servers for the presence of the Heartbleed bug, or that he congested his own Internet connection. What is certain, at least, is that many servers are still vulnerable to the Heartbleed bug.

Remarkably, Graham found 1.5 million systems on which the heartbeat extension, where the vulnerability resides, was enabled. A day after the bug was discovered, he found one million systems with the heartbeat extension enabled. Graham thinks that many sysadmins disabled heartbeat on their servers until a fix was available.

The Heartbleed bug came to light a month ago. The bug allows malicious requests to be sent to a server running OpenSSL, after which the server sends back a portion of its internal memory in the answer. In theory, private keys, unencrypted passwords and other sensitive information are exposed this way.
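The memory disclosure described above comes down to one missing length comparison in heartbeat handling. The following added example (not OpenSSL's code and not from the original article) shows a heartbeat responder that performs the check, using the message layout from RFC 6520; the names `hb_respond` and `hb_demo` and the sample messages are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request, RFC 6520 */
#define HB_RESPONSE 2   /* heartbeat_response, RFC 6520 */
#define HB_MIN_PAD  16  /* minimum padding, RFC 6520 */

/* Build the reply to one received heartbeat message (rec, rec_len).
 * Returns bytes written to out (type, length, payload; response padding
 * is omitted here), or 0 when the message must be silently discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;                       /* too short, or not a request */

    /* The 16-bit length field is chosen by the sender. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The decisive check: header + claimed payload + padding must fit in
     * the bytes actually received, otherwise memcpy would read past them. */
    if (1 + 2 + claimed + HB_MIN_PAD > rec_len)
        return 0;
    if (1 + 2 + claimed > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);  /* echo exactly what was sent */
    return 3 + claimed;
}

/* Constructed sample: a message carrying `sent` payload bytes (max 64)
 * whose length field says `claimed`. Returns the reply size. */
size_t hb_demo(uint16_t claimed, size_t sent)
{
    uint8_t rec[3 + 64 + HB_MIN_PAD] = { HB_REQUEST, (uint8_t)(claimed >> 8), (uint8_t)(claimed & 0xff) };
    uint8_t out[128];
    if (sent > 64)
        return 0;
    memset(rec + 3, 'A', sent);
    return hb_respond(rec, 3 + sent + HB_MIN_PAD, out, sizeof out);
}

int main(void)
{
    printf("honest (4 sent, 4 claimed):   %zu\n", hb_demo(4, 4));
    printf("over-claim (4 sent, 16384):   %zu\n", hb_demo(0x4000, 4));
    return 0;
}
```

A message whose length field matches its payload is echoed; one that claims more than it carries is dropped without a reply, so no adjacent memory is returned.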

