600 thousand servers were at high security risk when Heartbleed was announced last April. Action was taken immediately, and we thought the threat of people hacking our bank accounts was finally over. That is, until now.
300,000 servers remain at high risk, since no one patched them.
“The norm is to do no patches at all for some systems, no matter how easy it is to patch.” This is according to Errata CEO Robert Graham. He added that retirement management systems aren’t a problem at all if they are left unpatched; power grid systems, however, are another issue.
According to Steve Marquess, president of the OpenSSL Foundation, 300 thousand servers isn’t that big a deal considering how vast the World Wide Web is.
“There’s always going to be a certain number of systems that are going to be neglected,” Steve said. “You’re never going to get that number down to zero. Look, there are still Windows 95 computers out there,” he compared.
Always one step ahead in technology, Adam Langley announced that Google is paving the way to revolutionize how we work with OpenSSL code. Some of Google’s patches are compatible with OpenSSL while others are not, as these patches are fairly complex and experimental.
Google calls this new code “BoringSSL”, and it will soon make its way into Chromium, Android, and other internal systems under Google’s name.
Google isn’t planning to replace OpenSSL though. “We work closely with those people, and I don’t see any changes at all,” Marquess says in defense.
What’s next? Well, it’s all up to the think tanks at Google, OpenSSL, and even the Linux Foundation’s Core Infrastructure Initiative. What’s next for Heartbleed? It will surely linger on a minor percentage of servers, licking its virtual wounds only to come out again and wreak havoc when the time is right.