Two weeks ago, we talked about how many sites in the top 1 million domains (as judged by Alexa) were vulnerable to the Heartbleed SSL vulnerability. How do things stand today?
Figure 1. Sites vulnerable to Heartbleed as of April 22
Globally, the percentage of sites that is vulnerable to Heartbleed has fallen by two-thirds, to just under 10 percent. Only three TLDs we looked at have percentages above the global number: Brazil (.BR), China (.CN), and Russia (.RU).
The only TLD with a 100% cleanup record was the .gov domain, reserved for the use of US government sites.The Australian (.AU), British (.UK), German (.DE), and Indian (.IN) TLDs also had rates that were significantly lower than the global average.
Overall, the numbers leave room for optimism when it comes to addressing Heartbleed. Most system administrators have paid attention to the warnings and patched their servers accordingly. The question is now whether the remaining 10% of vulnerable domains will be patched sooner rather than later, or if we will be stuck with a non-trivial portion of the Internet that will be left at risk.
For users who want to test if the sites they use are at risk, a Trend Micro heartbleed detector app may be found in the Google Play store, the Google Chrome store, and the web.
For other posts discussing the Heartbleed bug, check our previous entries:
- Bundled OpenSSL Library Also Makes Apps and Android 4.1.1 Vulnerable to Heartbleed
- Heartbleed Bug—Mobile Apps are Affected Too
- Heartbleed Vulnerability Affects 5% of Select Top Level Domains from Top 1M
- Skipping a Heartbeat: The Analysis of the Heartbleed OpenSSL Vulnerability
