10 May 2014

300 Thousand Servers Still Vulnerable to Heartbleed

A month after the Heartbleed security hole was found in a number of services and websites that use the OpenSSL protocol to encrypt user data, and despite stern warnings, more than 300,000 internet servers are reported to be still vulnerable to Heartbleed.

Computer security researcher Robert David Graham scanned 1.5 million servers that use the OpenSSL protocol. Of these, Graham found 318,239 servers still vulnerable to Heartbleed. As quoted from The Verge, Graham's figure does not count all servers that use OpenSSL, so other systems may have escaped the count.

Heartbleed was found after a team of computer security researchers at the University of Michigan, U.S., used an open source network scanner called ZMap. ZMap was developed at the University of Michigan by Assistant Professor J. Alex Halderman and computer science graduate students Zakir Durumeric and Eric Wustrow.

ZMap is useful for searching the Internet for servers that are susceptible to Heartbleed, which could potentially be used to steal usernames, passwords, credit card numbers, and other important information. The security hole was discovered in OpenSSL, an open-source security protocol used to encrypt sensitive information via SSL (Secure Sockets Layer) in many Internet-based services.

By exploiting the Heartbleed hole in OpenSSL, hackers can steal information even though a website or service provider already uses encryption (marked with a "padlock" and the prefix "https:" in the URL). Heartbleed affects all websites and services running OpenSSL 1.0.1 through version 1.0.1f. The vulnerable versions of OpenSSL have been in wide use since May 2012.
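For administrators taking stock of their own hosts, the version range above can be checked against collected `openssl version` banners. The following is an added example, not part of the original article; the host names and inventory lines are constructed, and a match only means the host needs verification, since distribution packages may carry a backported fix without changing the upstream version string.

```python
import re

# Matches the version token in an `openssl version` banner,
# e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013" -> ("1", "0", "1", "e").
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

def in_affected_range(banner):
    """True/False for 1.0.1 through 1.0.1f (the range given in the article);
    None when no version can be parsed from the banner."""
    m = _BANNER.search(banner)
    if not m:
        return None
    major, minor, fix, letter = m.groups()
    if (int(major), int(minor), int(fix)) != (1, 0, 1):
        return False
    # Plain "1.0.1" and letter releases a..f are in range; g and later are not.
    return letter == "" or (len(letter) == 1 and letter <= "f")

def triage(inventory):
    """Group 'host banner' lines into affected_range / outside_range / unknown."""
    result = {"affected_range": [], "outside_range": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, banner = line.partition(" ")
        verdict = in_affected_range(banner)
        if verdict is None:
            result["unknown"].append(host)  # needs manual review
        elif verdict:
            result["affected_range"].append(host)
        else:
            result["outside_range"].append(host)
    return result

# Constructed sample inventory: "<host> <output of `openssl version`>".
SAMPLE_INVENTORY = """\
web01 OpenSSL 1.0.1e 11 Feb 2013
web02 OpenSSL 1.0.1g 7 Apr 2014
mail01 OpenSSL 0.9.8y 5 Feb 2013
vpn01 OpenSSL 1.0.1e-fips 11 Feb 2013
db01 OpenSSL 1.0.1 14 Mar 2012
legacy01 (no banner collected)
"""

if __name__ == "__main__":
    for group, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{group}: {', '.join(hosts) or '-'}")
```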

That is, for two years this hole went undetected across all service providers that use OpenSSL encryption, ranging from applications and websites to banking institutions. The problem is large because OpenSSL is used by 66 percent of all websites on the Internet to encrypt data, so the security hole was widespread.

The names of most of the services affected by Heartbleed can be seen in a list created on 8 April 2014. Since the list was published, some service providers, such as Facebook, Yahoo, Gmail, Tumblr, and Dropbox, have distributed a patch to fix the vulnerabilities.