A 2014 vulnerability in OpenSSL is yet to be patched in about 200,000 Web-facing devices, according to figures from the Shodan search engine.
Among these are 2596 systems in Australia and 535 in New Zealand. The US has the most unpatched devices with 42,032, followed by South Korea (15,380).
The vulnerability, known as Heartbleed, is present in several versions of OpenSSL, a cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption.
The flaw would potentially allow attackers to monitor all information that flows between a user and a Web service, and could even decrypt past traffic they’ve collected, according to experts.
The problem, detailed in CVE-2014-0160, is a missing bounds check in the handling of the TLS heartbeat extension (hence the name 'Heartbleed'), which can then be used to view 64K of memory on a connected server. This allows attackers to obtain the private keys used to encrypt traffic.
The bug was discovered by three researchers from security firm Codenomicon and Neel Mehta, a security researcher at Google.
Most of the systems which are still vulnerable are offering https services. Not surprisingly, Apache leads the vulnerable systems with 51,983 hosts.
Amazon Web Services has the most vulnerable domains with 6375, while Linux 3.x is among the top operating systems affected.
INTRODUCING ITWIRE TV
iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.
We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.
In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.
We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.
See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.
SEE WHAT'S ON ITWIRE TV NOW!
