According to a scan by Errata Security researcher Robert David Graham, 309,197 servers remain vulnerable to the Heartbleed bug. That is a large improvement over his previous scan in April, which found 600,000 vulnerable systems, but only a minuscule improvement since early May, when the number sat at 318,239. Graham said the scan of 1.5 million systems covered only port 443, not all well-known SSL ports, such as SMTPS.
He said, “This indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable. I’ll scan again next month, then at the six-month mark, and then yearly after that to track the progress.”
To date, the Heartbleed bug has been a massive vulnerability in the open-source software package OpenSSL, which is broadly used to encrypt Web communications. On systems that have not been patched, SSL/TLS encryption no longer protects the information it carries, leaving Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs) vulnerable. The bug lets attackers steal logins, passwords and even credit card information. It affected most of the Web’s most popular sites earlier this year. A few of the top 1,000 websites listed by Alexa, such as Google, Yahoo, Facebook, YouTube and Wikipedia, were patched early on and are safe to use.