Jun 29, 2014

Is Heartbleed still a security concern or has it been neutralized?

Time flies, but it was only about 10 weeks ago that news of the Heartbleed security bug broke and created a few days of mostly justified panic. I haven’t heard anything about it in a while now. Has the problem been completely resolved, or is Heartbleed still cause for concern?

Mandril has a good answer for this question, but here's a link to the Heartbleed article on Wikipedia. It has a pretty good overview of Heartbleed and its consequences.


It’s kind of like Westley in Princess Bride: it’s mostly dead. It was generally neutralized quickly, but that doesn’t mean that there aren’t still some compromised sites out there. Within a few days of discovery of the flaw, all of the top 1000 websites were updated and safe to use. I haven’t seen recent data, but about six weeks ago slightly less than 2% of websites remained vulnerable. That doesn’t sound like much, but there are a LOT of websites out there. I suspect that number is down to 1% or less now, but I can’t find hard numbers to support that figure. If you have questions about a particular website, you can always use a test site to check for the vulnerability.



