More than 20,000 major sites remain vulnerable to Heartbleed

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now

While many of the top websites in the world have protected themselves from the Heartbleed security vulnerability, plenty of them still need work — as do several pieces of software from data center technology giant VMware.

Information-security company Sucuri inspected the 1 million Alexa-ranked most popular websites around and found that, while most are fixed, 20,320 remain vulnerable. Sucuri did not identify the sites still at risk.

“We were glad to see that the top 1,000 sites in the world were all properly patched and that just 0.53 percent of the top 10,000 still had issues,” Sucuri chief technology officer Daniel Cid wrote yesterday in a blog post. “However, as we went to less popular [and smaller] sites, the number of unpatched servers grew to 2 percent. That is not surprising, but we expected better.”

Sucuri and his colleagues might well have expected better because Heartbleed has received such attention from media outlets and disclosures from cloud providers like Heroku and Amazon Web Services, networking gear makers like Cisco and Juniper, and other vendors of the underlying infrastructure of the Internet.

AI Scaling Hits Its Limits

Power caps, rising token costs, and inference delays are reshaping enterprise AI. Join our exclusive salon to discover how top teams are:

Turning energy into a strategic advantage
Architecting efficient inference for real throughput gains
Unlocking competitive ROI with sustainable AI systems

Secure your spot to stay ahead: https://bit.ly/4mwGngO

Heartbleed arose inside a version of the open-source OpenSSL cryptographic software. Information sitting inside the memory of a server should be encrypted, but because of Heartbleed, an attacker could pull out a little bit of data.

In the past week, Sucuri discovered more than 48,000 attacks designed to take advantage of the Heartbleed flaw. “The bulk of them come from Amazon EC2 instances, likely set up to do these scans,” Cid wrote.

And just as websites are still awaiting patches, VMware, which provides software for running companies’ onsite data center infrastructure, still hasn’t fixed all of its services.

Daily insights on business use cases with VB Daily

If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI.

Read our Privacy Policy

Thanks for subscribing. Check out more VB newsletters here.

An error occured.

The insights you need without the noise