Heartbleed Vulnerability from April 2014 still present on 200,000 hosts
The major OpenSSL Heartbleed vulnerability is still found across the Internet on more than 200,000 vulnerable sites.
This is more than seventeen months after the severe vulnerability was discovered and a patch was released.
The 200,000 vulnerable targets can be subject to worm, malware and/or hacker exploitation.
The top 5 countries vulnerable to Heartbleed with USA as #1
Countries with live Heartbleed-vulnerable OpenSSL systems as of September 2015 include:
United States: 57,300
Germany: 21,660
United Kingdom (UK): 9,125
Heartbleed vulnerability can lead to password theft
The Heartbleed vulnerability can allow hackers, malware or worms to steal sensitive information such as passwords.
Discussion: can owners of vulnerable hosts be held accountable?
There is discussion about what causes so many systems to still be vulnerable close to 18 months later.
The most common cause can be simply abandoned, unmaintained systems that are still live and running.
It can be plain laziness of system administrators, people who are too busy, or nobody being responsible for fixing systems.
It can be IT departments that do not have enough resources to keep all their systems patched and up to date.
It can also be lazy software or hardware vendors that simply have not released a firmware patch to solve the problem.
It can be older systems that the owners do not want to keep updated.
Experts discuss if a penalty for exposing vulnerable systems should be enforced
There is a big discussion in the IT security community about consequences for leaving vulnerable systems exposed.
Should the people responsible for leaving vulnerable systems online, with or without their knowledge, be held accountable for it?
Exposed vulnerable systems can be abused in Malware Worm attacks
Can those who are responsible for failing to secure the vulnerable systems be held accountable if their systems are being used in malware attacks?
Some argue that prison sentences could be a good encouragement for them to fix all their injected systems fast.
If you are not sure whether your own systems are vulnerable, feel free to get a Free Heartbleed Vulnerability Scan and find out.
Attackers are getting more advanced and sophisticated at exploiting new vulnerabilities. Always deploy a UTM firewall with strong IPS functionality.
A strong IPS (intrusion prevention system) can block attacks even if the target system is not patched.
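How an IPS can recognise a Heartbleed attempt on the wire, as an added example that is not from the original article or from any IPS vendor: it checks TLS heartbeat requests against the length rule in RFC 6520 and flags those that declare more payload than the record carries. The function names and sample bytes are constructed for illustration, and the check only applies to heartbeat records sent unencrypted, since an inspecting device sees only ciphertext once encryption is on.

```python
import struct

TLS_HEARTBEAT = 24   # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST = 1       # heartbeat_request message type
MIN_PADDING = 16     # RFC 6520: at least 16 bytes of padding

def tls_record(ctype: int, body: bytes, version: int = 0x0302) -> bytes:
    """Build a TLS record: type (1), version (2), length (2), body."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

def iter_tls_records(stream: bytes):
    """Yield (content_type, body) for each complete record in the stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5: off + 5 + length]
        if len(body) < length:   # truncated capture: stop parsing
            return
        yield ctype, body
        off += 5 + length

def find_overread_heartbeats(stream: bytes) -> list:
    """Flag plaintext heartbeat requests whose declared payload length
    exceeds what the record actually carries."""
    findings = []
    for index, (ctype, body) in enumerate(iter_tls_records(stream)):
        if ctype != TLS_HEARTBEAT or len(body) < 3:
            continue
        hb_type, claimed = struct.unpack_from("!BH", body, 0)
        # Well-formed: 1 type + 2 length + payload + >=16 padding fit the record.
        if hb_type == HB_REQUEST and 3 + claimed + MIN_PADDING > len(body):
            carried = max(len(body) - 3 - MIN_PADDING, 0)
            findings.append({"record": index, "claimed": claimed, "carried": carried})
    return findings

# Constructed sample traffic (not a real capture).
WELL_FORMED = tls_record(TLS_HEARTBEAT, struct.pack("!BH", HB_REQUEST, 4) + b"ping" + bytes(16))
MALFORMED = tls_record(TLS_HEARTBEAT, struct.pack("!BH", HB_REQUEST, 0x4000))
SAMPLE = tls_record(22, b"\x00" * 8) + WELL_FORMED + MALFORMED

if __name__ == "__main__":
    for hit in find_overread_heartbeats(SAMPLE):
        print("oversized heartbeat request:", hit)
```

A patched OpenSSL applies the same length comparison itself and silently discards such a request, which is why the network-side check only matters for hosts that have not been updated.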