200,000 websites still affected by three-year-old security weakness (Heartbleed)
The Heartbleed vulnerability, renowned for allowing hackers anywhere on the internet to access encrypted communication between websites and their users, has been found to still be present on nearly 200,000 websites, more than three years after it was originally discovered.
A patch for the weakness was released in April 2014, and yet the flaw is still present on 200,000 sites all over the world, 6,000 of which are based in the UK, and over a third of which were hosted on either Amazon Web Services or Verizon Wireless.
This is particularly surprising given that the same weakness is reported to have been fundamental to the breach of 4.5 million patient records from US health firm Community Health Systems, and that the exploit code is in the wild, making it trivial for even low-skilled hackers to exploit.
Even more interesting is that, on average, 8,000 security vulnerabilities are disclosed each year. Since these systems have clearly not been patched since 2014, roughly 24,000 new vulnerabilities have been discovered in that time, some of which have been equal to or worse in nature than the Heartbleed flaw.
It really drives home the importance of regular security testing and remediation, something that we at Intruder have been championing for a while now. Clearly, there are 200,000 website owners out there who either don’t know that they’re vulnerable, or don’t care.
Do you know if your websites are vulnerable or not? Get in touch if you want to find out!