View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Heartbleed still prevalent year after discovery

Flaw in SSL security layer persists almost a year on.

By Jimmy Nicholls

The Heartbleed bug is still prevalent among appliances and devices that rely on SSL despite almost a year passing since it was discovered, according to data collected by the security vendor Qualys.

An analysis of the most common vulnerabilities between November and January showed that SSL bugs accounted for four out of the top ten, with Heartbleed claiming last place despite the huge publicity around the bug.

"Over the last year Heartbleed was the most important problem," said Wolfgang Kandek, CTO at Qualys. "My feeling is that people are still focused on their web servers and things that they know about, and they are less attentive about applying that to other devices."

He added that device vendors may still be selling products vulnerable to the Heartbleed bug because the products had been shrink wrapped before the flaw was discovered, and not since patched.

He also noted that such items often did not have the automatic patching common to consumer products like smartphones, which was something the vendors should look into implementing.

"I don’t want to say it will never go away, but there’s certainly a lot of these devices," he said. "I think there are other issues but the Heartbleed one is the most visible. It’s the easiest to exploit; the tools are out there to do it."

Heartbleed was discovered lurking in the SSL security layer used to encrypt traffic between web servers and clients last April, with the flaw enabling hackers to perform man-in-the-middle (MitM) attacks, a form of electronic eavesdropping.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

After it was publicly disclosed many web companies patched their servers and advised people to change their passwords, but the prevalence of the technology led many security experts to predict it would have a long legacy.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU