Heartbleed - 300,000 systems still not secure
Even a decade from now, critical systems could be vulnerable, claims security researcher
More than 300,000 systems are still not safe from the flawed OpenSSL code, better known as Heartbleed, according to security research firm Errata Security.
OpenSSL is an open-source security tool widely used to encrypt passwords when people log in to a system. A flaw in the implementation of OpenSSL could allow the private key used in a Secure Sockets Layer (SSL) communication to be exposed. Attackers could then decrypt and read any secure data passed over the network link.
In April, the first reports of the flaw being exploited emerged, and a patch was made available immediately so that systems could no longer be exploited through the tool.
However, Errata Security researcher Robert Graham claimed that although the number of vulnerable systems has decreased significantly since the Heartbleed bug was announced, half of the systems that were vulnerable then are still vulnerable today.
Graham believes that people may have stopped trying to patch their systems, meaning that the Heartbleed vulnerability could remain an issue in the years to come.
"Even a decade from now, I still expect to find thousands of systems, including critical ones, still vulnerable," he stated.
However, he hopes that the number will decrease as older systems are slowly replaced.
Other companies involved in the ‘Core Infrastructure Initiative’ are Cisco, Microsoft, IBM, Intel, Dell, VMware, Rackspace, Fujitsu, Qualcomm and NetApp.