Report claims most, but not all, top websites have fixed OpenSSL 'Heartbleed' exploit

The "Heartbleed" exploit that was discovered last week in websites that use OpenSSL encryption has since been rapidly patched all over the world. However, a new report from the Sucuri security firm claims there are still a few sites out there that have yet to deal with the issue.

The company stated this week that it scanned the top 1 million visited websites, as listed by the Alexa rating service, to see how many of them still have not fixed the "Heartbleed" exploit. The top 1,000 sites show no "Heartbleed" OpenSSL vulnerabilities, and the report claims that only 53 of the top 10,000 sites have yet to fix the bug.

The numbers and percentages of "Heartbleed" sites got larger as Sucuri moved down the Alexa rankings. In the top 100,000, the firm claims 1,595 sites are still open to the exploit. The top 1 million sites have 20,320 that are not yet patched up; Sucuri did not list the specific sites that are still vulnerable to the "Heartbleed" issue.

The lesson is that while the vast majority of websites are no longer open to the OpenSSL problem, web surfers still need to be cautious when entering their personal information, especially among sites that don't get a lot of traffic.

Source: Sucuri

14 Comments


Without reading, does this scan for patch against attack along with renewed certificates meaning the hole is fixed and the potential back doors (so to speak) are plugged?

As was said by someone far more knowledgeable than me, this will never be fixed - to believe the opposite is to have a faith in humanity that I can't accept.

"The top 1,000 sites show no "Heartbleed" OpenSSL vulnerabilities."

Good that Neowin patched quickly or that list would have had a stain. :D :)

If you use LastPass, you'll see which sites you should change password for, based on past Heartbleed vulnerabilities and their respective states of updated certificates.

Because the honey pots have shown that hackers didn't really know about this until it came out. The issue is it takes just a few lines of code to start scanning the net for sites with issues. Between hearing about the issues the hackers were ready to rock 'n' roll within minutes.

I could make an 80s disco out of the name of this exploit:

Heartbleed, Heartbleed
Touch me if my Heartbleeds
Boom dah dah boom dah dah
Heartbleed!