50% Systems Remain Vulnerable to Heartbleed
Added: Saturday, June 28th, 2014
The so-called Heartbleed flaw, a vulnerability in the much-used encryption standard OpenSSL, was revealed two months ago, but over 300k systems connected to the Internet are still unprotected against attacks exploiting the bug. Two months ago, security researchers scanned web servers and other connected devices and found that 600,000 systems were affected.
A month after the bug was found, over 300,000 systems were still vulnerable to attack, and their number didn’t change much over the last 30 days. This means that people don’t even try to patch. However, the experts believe that they will see a slow decrease over the next decade with older systems being slowly replaced. Though even over a decade there will be thousands of vulnerable systems out there.
Security specialists point out that Heartbleed can be fixed by updating OpenSSL: this can be achieved by following the correct links on the project’s official site or by updating the OS that contains the code. If you still run vulnerable systems, you should update their encryption keys as well, because they may have already been stolen.
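The remediation order described above (update OpenSSL first, then replace keys that were in service while the system was exposed), as an added example that is not part of the original article. It assumes the affected upstream releases are OpenSSL 1.0.1 through 1.0.1f with the fix in 1.0.1g; the inventory records, field names and the `vendor_fixed` flag are constructed for illustration.

```python
import re
from datetime import date

# Assumption (not stated in the article): affected upstream releases are
# OpenSSL 1.0.1 through 1.0.1f; 1.0.1g carries the fix. Pre-release builds
# are not handled.
_VER = re.compile(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]?)")

def is_affected(version_banner):
    """True if the banner from `openssl version` is in the assumed range."""
    m = _VER.search(version_banner)
    if not m:
        raise ValueError(f"unrecognised version banner: {version_banner!r}")
    release = (int(m[1]), int(m[2]), int(m[3]))
    return release == (1, 0, 1) and m[4] < "g"   # "" (plain 1.0.1) sorts first

def triage(host):
    """Classify one inventory record as 'patch', 'rekey' or 'ok'."""
    # Distributions often backport the fix without changing the banner, so a
    # record may carry vendor_fixed=True (hypothetical field) to override it.
    if is_affected(host["openssl"]) and not host.get("vendor_fixed"):
        return "patch"            # still exposed: update OpenSSL first
    patched = host.get("patched_on")
    # A key in service while the host was vulnerable may already have been
    # read from memory, so a certificate issued before the patch is suspect.
    if patched and host["cert_issued"] < patched:
        return "rekey"
    return "ok"

# Constructed sample inventory, not real hosts.
INVENTORY = [
    {"name": "web1", "openssl": "OpenSSL 1.0.1e 11 Feb 2013",
     "patched_on": None, "cert_issued": date(2013, 9, 1)},
    {"name": "web2", "openssl": "OpenSSL 1.0.1g 7 Apr 2014",
     "patched_on": date(2014, 4, 9), "cert_issued": date(2013, 9, 1)},
    {"name": "web3", "openssl": "OpenSSL 1.0.1g 7 Apr 2014",
     "patched_on": date(2014, 4, 9), "cert_issued": date(2014, 4, 10)},
    {"name": "deb1", "openssl": "OpenSSL 1.0.1e 11 Feb 2013", "vendor_fixed": True,
     "patched_on": date(2014, 4, 8), "cert_issued": date(2014, 1, 1)},
    {"name": "old1", "openssl": "OpenSSL 0.9.8y 5 Feb 2013",
     "patched_on": None, "cert_issued": date(2012, 1, 5)},
]

if __name__ == "__main__":
    for h in INVENTORY:
        print(f'{h["name"]}: {triage(h)}')
```

A host only reaches "ok" after both steps: a patched library with a certificate issued before the patch date is still reported as "rekey".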
The problem is that while servers running many popular websites remained vulnerable due to Heartbleed, which caused compromises of data on a handful of websites, other devices could also be attacked if left open: CCTV cameras, webcams, baby monitors and mobile apps. It is known that the hackers can steal valuable information including the encryption keys from vulnerable computers by tricking them into revealing that data from their memory.
Some believed that Heartbleed was a virus, but in fact it was just a weakness in the design of the OpenSSL software that hackers could exploit. People have become used to automatic updates and therefore don’t bother with manual intervention in the system, which is an unusual experience for most admins.
There were also many Linux OS versions with the flawed code. Security outfits point out that any updated system based on the old distributions would be vulnerable. As such, lots of machines that remain vulnerable may belong to large hosting companies. Indeed, many hosting companies that provide shared hosting environments in Linux have not been updated, simply because they believe that Linux systems were not created with security in mind.
|(http)//blog.beyondtrust.com/heartbleed-when-openssl-breaks-your-heart It is not, as quoted, that Linux was created without security in mind; it is merely that since it is modular it cannot be affected or attacked in the same way as, say, a Windows machine, and so is less targeted to begin with, since 99% of all virus payloads are directed at Windows to start with, and short of using a rootkit there are few attacks that can glean anything from a Linux box, whereas Windows just wants to connect with everyone and their dog as standard.|
Many of the distros listed have since updated to the latest versions of OpenSSL, and those that haven't, or are confused as to which version to update to, can find out via the link above; remember to remove brackets from (http).
|posted by (2014-06-29 14:53:30)|
|"Indeed, many hosting companies that provide shared hosting environments in Linux have not been updated, simply because they believe that Linux systems were not created with security in mind."|
Hmm, strange comment in the article - as it is, anyone who uses Linux is doing so mainly because of security and stability, hence why something like 3/4 of the internet is run on Linux. And if Linux did not exist the internet would not be what it is today; it would only be a shadow of its current self... not to mention 98% of all mainframes are Linux computers.
|posted by (2014-06-29 18:59:28)|
|"they believe that Linux systems were not created with security in mind."|
I would bet that literally nobody that knows anything about linux believes that.
I think the bigger, untold story of all this is that open source software can have security holes, but that if this was something like a Windows flaw etc. you would never know about it unless some hacker found it or it became an obvious problem.
Microsoft or some other private company could build an operating system or encryption protocol etc. with security holes, but because it's closed source there's less chance that someone else will look it over and catch the flaw.
Another point to the story is that it's possible that the flaw was in part there because of the nature of open source allowing anybody (including NSSA agents) to subvert the security of the program by contributing flawed code creatively. They can possibly spread it out with the back door not being contained in one thing you can update/correct like your encryption package.
With something like that you could have a security hole that only presents itself in a combination/interaction of two programs, making it harder to detect and clean up.
|posted by (2014-06-30 04:47:08)|
|Who could interpret servers were it not supposed to appear catching open source info with best broadband to drive all servers hosting's had for work if it just a large questions all time...if wasn't update it because automatic update from Microsoft announcement was made all thing not many updates to servers to if trouble was in XP servers what it not for believe...open source give update very late...|
|@4 There are virus infections of millions of Windows machines which they cannot clean up; even when Windows has dropped unsolicited packages containing patches to some viruses on 3 million machines, they have failed to prevent infections. 300,000 is a small number and will dwindle fast as updates become available and are available with 1.01g update.|