Report says ‘Heartbleed’ vulnerability is till s significant security threat

HeartbleedAccording to a new report by the Errata Security blog, the two-month-old 'Heartbleed' vulnerability is still a significant security threat. The vulnerability underscores a critical security error in the OpenSSL software which powers the systems that facilitate the secure transfer of data across the entire Internet.

The report has revealed that though the Heartbleed flaw was patched has been patched by thousands of websites, with most of the bigwig companies having updated their servers, the security risk from the flaw still looms large for a number of systems and sites.

Simply speaking, the Errata Security report implies that while nearly all of the most popular sites on the Internet are no longer vulnerable to Heartbleed, the security risk posed by the Heartbleed exploit still persists for countless smaller sites.

Specifically, as per the report, since there are still more than 300,000 servers which run outdated, unpatched versions of OpenSSL, these servers are completely open to attacks derived from the Heartbleed vulnerability.

Against the backdrop of Errata Security's findings, The Verge cautioned: "Sites with sub-par security standards [will] continue to leave themselves - and their users - exposed (to Heartbleed). The danger is particularly real now since the exploit has been widely publicized."