Heartbleed bug still found to affect 200,000 services on the web

Researchers found the infamous Heartbleed bug is still unpatched on as many as 200,000 services connected to the internet, and experts don't expect that number to change.

Nearly 200,000 services still vulnerable to the Heartbleed bug have been found connected to the internet, but one expert says that may not be a big deal.

Researchers from Shodan found nearly 200,000 services around the world still connected to the web but not patched against Heartbleed. The plurality of those services are in the US (about 42,000), and most of the vulnerable services are running on the Linux 3.x kernel, according to Shodan's latest Heartbleed Report, a post linked to by Shodan founder John Matherly.

The Heartbleed bug was originally discovered and patched in early 2014, but the OpenSSL flaw gained notoriety because of how widespread it was, how easily it could be exploited and how difficult it was to patch in many cases -- and because it was one of the first branded vulnerabilities. Now it has become commonplace to compare any new SSL flaw to Heartbleed.

Graham Cluley, independent computer security expert, said system admins have had plenty of time to apply OpenSSL patches and remediate the Heartbleed bug, so he doesn't expect the situation to get better.

"In a year's time, we won't see any significant reduction in the number of Heartbleed vulnerable websites and services connected to the internet," Cluley wrote in a blog post. "This is as good as it's going to get. The people who cared about fixing their systems against the Heartbleed vulnerability did it long ago. The others simply don't give a damn."

Martijn Grooten, security researcher for Virus Bulletin, said the risks presented by the remaining vulnerable services may not be so bad.
