Some Good News, Heartbleed Bug Mostly Fixed
Sucuri, an Internet security firm, has conducted a systematic scan of the top million websites (according to Alexa) and found that most of them are free of the Heartbleed vulnerability.
If you are scratching your head, Heartbleed is a security vulnerability in the OpenSSL security software, discovered earlier this month, that allowed hackers to retrieve small nuggets of data from a web server's active memory. The data could potentially contain valuable information such as passwords, credit card information or even the server's own private security keys.
According to Sucuri, the top 1000 websites are safe, thanks to patched servers and brand new security certificates and keys. The top 1000 websites include sites like Google, Facebook, YouTube, Pinterest, Wikipedia and more.
Furthermore, out of the top 10,000 websites, only 53 were found to be still vulnerable. Unfortunately, Sucuri does not name the vulnerable sites, to prevent hackers from targeting them.
It is not all good news, however: out of the top one million websites, a worrying 2% are still vulnerable. This translates to about 20,000 websites.
Additionally, Sucuri says that it has detected over 48,000 scans carried out by sites that are looking for other sites still affected by the Heartbleed vulnerability. Although most of these scans can be traced to Amazon EC2, which is hosting the Heartbleed scanning tool, some of these scans could very well be hackers scanning for vulnerable sites to attack.
Security experts commented earlier that the Heartbleed vulnerability would be difficult to fix, and this certainly seems to be the case. Also, if you have not yet changed your passwords at the websites listed in this article, now is a good time to do so.