Small companies drag feet on Heartbleed

While there was much collective hand-wringing and angst over the discovery of the killer Heartbleed error, which left companies vulnerable to attack, too few of them have taken the problem seriously.

Security researcher Robert David Graham has found that at least 309,197 servers are still vulnerable to the exploit, which is about half of the original total.

Immediately after the announcement, Graham found some 600,000 servers were exposed by Heartbleed. One month after the bug was announced, that number had dropped to 318,239. In the past month, however, only 9,042 of those servers have been patched to block Heartbleed.

He said that means smaller sites aren’t making the effort to implement a fix, which leaves them completely vulnerable.

Graham said that the numbers mean that the lightly-trod corners of the internet will remain vulnerable for many years to come, as sites with sub-par security standards continue to leave themselves exposed.

He said that the danger is particularly real now since the exploit has been widely publicized. The bug, which affects the OpenSSL library used widely online, can cause serious damage: it can be exploited to give hackers encryption keys, passwords, and other sensitive information.

What is particularly strange is that fixing the problem is not a difficult task, which makes you wonder how many other servers are out there with outdated software.