Over 300,000 systems still vulnerable to Heartbleed
Errata Security says scans detect large number of systems still not patched
Over 300,000 systems are still vulnerable to attacks using the Heartbleed flaw, according to Errata Security.
The security company said in a blog post that it had detected 309,197 systems that had yet to be patched, two months after the vulnerability in the OpenSSL encryption library was first publicised.
The Heartbleed vulnerability, caused by flawed coding in the open source OpenSSL package, left a wide range of systems vulnerable to attack, including web servers, routers, and other networking hardware. The flaw was exploited to steal login data in a number of cases, and created a considerable amount of work for admins who had to update servers.
A number of IT vendors also announced more funding for open source projects such as OpenSSL, which are widely used across the industry, to try to avoid mistakes like Heartbleed in future.
Errata said that it had detected some 600,000 vulnerable systems when Heartbleed first came to light, and that the slow pace of patching since then likely indicated apathy among administrators.
Robert Graham of Errata Security wrote: "This indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable."