Already a month ago Heartbleed security holes found on a number of services websites that use OpenSSL protocol for encryption of user data . Although it has been given a stern warning , but more than 300,000 internet service server is still vulnerable to Heartbleed reported .
Computer security researcher , Robert David Graham , perform scanning to 1.5 million servers that utilize the OpenSSL protocol . Of these , 318 239 Graham find servers still vulnerable to Heartbleed .As quoted from The Verge , the amount obtained by Graham not counting all the servers that utilize OpenSSL , so maybe there are other systems that escaped from the calculation .
Heartbleed found after a team of computer security researchers at the University of Michigan , U.S., using an open source network scanner called ZMap . ZMap developed at the University of Michigan by Assistant Professor J Alex Halderman and graduate students of computer science , Zakir Durumeric and Eric Wusterow .
Zmap useful for searching the Internet servers are susceptible to Heartbleed potentially be used to steal usernames , passwords , credit card numbers , and other important information .This security hole discovered in OpenSSL , an open-source security protocol used to encrypt sensitive information via the function of SSL (secure sockets layer ) in many Internet -based services .
By exploiting loopholes Heartbleed on OpenSSL , hackers can steal information , although a website or service providers already do encryption ( marked with a " padlock " and the prefix " https : " in the URL ) .Heartbleed impact on all web sites and services that are running OpenSSL 1.0.1 to version 1.01F . Versions of OpenSSL are vulnerable are already widely used since May 2012 .
That is , for two years , this gap has been circulating undetected in all the service providers that use OpenSSL encryption , ranging from applications , web site internet , to banking institutions .The problem becomes large because OpenSSL is used by 66 percent of all Internet web parts to encrypt the data , so that the security hole was widespread .
Most of the affected service name Heartbleed can be seen in a list created on 8 April 2014 . Since the list was published , some service providers , such as Facebook , Yahoo , Gmail , Tumblr , and Dropbox , has distributed a patch to patch the vulnerabilities that exist .