A prominent security firm has found that 2.1 percent of IP addresses on the Internet are still vulnerable to the dangerous encryption flaw dubbed the Heartbleed bug.
Heartbleed bug is an encryption flaw that allows attackers to read previously encrypted information like emails and passwords. An attacker could even gain access to encryption keys and thus be able to look back at a user’s Web previously encrypted traffic as long as it had it been recorded. The bug has been called “catastrophic” and at one point affected the security of up to two-thirds of the Web.
Errata Security looked at 28 million IP addresses—the unique numbers that identifies the computer network computers use to connect to the Internet—with valid SSL connections in search of the bug.
Of those 28 million, only 615,134 machines were found to be vulnerable to the Heartbleed bug as of this morning, according to Robert Graham at Errata Security.
Additionally, 330,531 machines had heartbeats—the functionality that the bug takes advantage of—enabled but did not fall victim to the attack, leading Graham to believe they’d been patched before the scan began last night.
Graham includes one caveat, however: Of those 28 million IP addresses scanned, millions may redirect to a “single load balancer.” In other words, the percentage of independent IPs affected by the bug may actually be higher than 2 percent.
For regular users, the best way to combat the bug is to make sure all of your software, and especially your Web browser, is up to date. And to be extra secure, you might want to update all your passwords.
Illustration by Fernando Alfonso III