While many of the top websites in the world have protected themselves from the Heartbleed security vulnerability, plenty of them still need work — as do several pieces of software from data center technology giant VMware.
Information-security company Sucuri inspected the 1 million most popular websites, as ranked by Alexa, and found that, while most are fixed, 20,320 remain vulnerable. Sucuri did not identify the sites still at risk.
“We were glad to see that the top 1,000 sites in the world were all properly patched and that just 0.53 percent of the top 10,000 still had issues,” Sucuri chief technology officer Daniel Cid wrote yesterday in a blog post. “However, as we went to less popular [and smaller] sites, the number of unpatched servers grew to 2 percent. That is not surprising, but we expected better.”
Sucuri and his colleagues might well have expected better because Heartbleed has received such attention from media outlets and disclosures from cloud providers like Heroku and Amazon Web Services, networking gear makers like Cisco and Juniper, and other vendors of the underlying infrastructure of the Internet.
Heartbleed arose inside a version of the open-source OpenSSL cryptographic software. Information sitting inside the memory of a server should be encrypted, but because of Heartbleed, an attacker could pull out a little bit of data.
In the past week, Sucuri discovered more than 48,000 attacks designed to take advantage of the Heartbleed flaw. “The bulk of them come from Amazon EC2 instances, likely set up to do these scans,” Cid wrote.
And just as websites are still awaiting patches, VMware, which provides software for running companies’ onsite data center infrastructure, still hasn’t fixed all of its services.