AVG on Heartbleed: It's dangerous to go alone. Take this (an AVG tool)

It's the bug that keeps on bleeding. Thousands of websites are still vulnerable to Heartbleed more than a month after a patch for the password-leaking OpenSSL bug was released, we're told. Researchers at AVG’s Virus Labs said they scanned Alexa's league table of the top 800,000 sites in the world, and found 12,043 (1.5 per …

COMMENTS

This topic is closed for new posts.
  1. ecofeco Silver badge

    That's 12,000 websites

    That's 12,000 websites too cheap to pay for security and some tech.

  2. Pu02
    WTF?

    Don't forget the client-side vulnerabilities!

    All the hearts bleeding over a vulnerability in Linux web servers but still no concern about the total lack of certificate revocation in iOS, Android or Chrome (all Chromium) web browsers. https://www.grc.com/revocation/implementations.htm

    Another security FAIL from developers who just don't care and Users that don't either... The human race must deserve itself.

    1. jackofshadows Silver badge

      Re: Don't forget the client-side vulnerabilities!

      If you understand the vulnerability and its ramifications, you'd also know that no browser is able to handle a certificate revocation list (CRL) of this magnitude. Obviously we need a better method as people aren't willing to go back to the World-Wide-Wait while the browser attempts to ingest the complete list and then process it. Remember, every one of those previously Heartbleed-vulnerable sites invalidated all their certificates, sometimes more than once. Now we are getting into third-party stuff tracing those vulnerable packages as well.
