3aIT Blog

 

Research has shown that a large number of servers are still vulnerable to the widely publicised "Heartbleed" bug.

The problem is probably even worse than that research indicates, as it only measured the largest websites in the world, which one would expect to be well maintained. There are probably many more smaller sites that are not actively maintained and are still susceptible to this bug.

For those still unaware, "Heartbleed" is a bug in a critical part of Linux's software that causes it to expose all data that is currently being processed by the server in question if probed in a certain way. This data could include anything from what web pages people are currently viewing, up to far more confidential data such as credit card numbers and passwords.

This was patched quickly, and 3aIT applied these patches to all our customers' servers within a few hours. However, as this new research shows, this is certainly not the case universally.