Heartbleed Bug: Dead or Still a Threat?
The stir caused by the Heartbleed Bug may finally be settling, as many websites work to patch the vulnerabilities in their encryption. According to Computerworld, most websites have patched the problem already, and considering the scale of the bug, it makes sense that so many sites would act so quickly. However, it doesn’t all end there.
Computerworld noted that Sucuri Security, a California security firm, analyzed top websites and found that all of the top 1,000 websites as ranked by Alexa Internet have been patched as of April 17. Of the top 10,000, just 0.53 percent remain vulnerable, 1.5 percent of the top 100,000 are still vulnerable, and around 20,000 of the top 1 million sites are still at risk. Even if that seems like most websites are safe now, the Heartbleed Bug isn’t so simple that a patch can solve the entire issue, and neither can the websites themselves.
The Heartbleed Bug made it possible for attackers to breach a website’s security to snatch up information on encryption keys, usernames, and passwords, a simple patch won’t take that information away from hackers that already gathered it. The patch will ensure that sites aren’t vulnerable to future exploits of the bug, but a great wall clearly won’t solve a kingdom’s problems if it’s already been raided.
Although most of the biggest websites have patched the problem, there is still more to do, and users of those websites also have to take action to ensure their data is safe. Once the websites have completed protecting themselves, it’s time for web users to fix their own vulnerabilities.