Few popular Dutch sites are vulnerable to critical OpenSSL bug


Only eight of the 500 most popular sites in the Netherlands appear to be vulnerable to the critical OpenSSL bug Heartbleed. Worldwide, administrators are rushing to patch their systems. Updating is expected to be a problem especially for home users' routers.

An inventory by Tweakers shows that eight of the Alexa Top 500 most visited sites from the Netherlands are susceptible to the OpenSSL bug that was announced on Tuesday. How many sites were initially vulnerable is not known.

Approximately 17.5% of all SSL sites around the world, half a million in total, would initially have been vulnerable, according to Netcraft. Although more than 66 percent of servers worldwide run Apache or nginx, and thus OpenSSL, by no means every site uses https. Virtually all big sites and services, such as Google, Yahoo, Facebook and Microsoft, had already updated by the time the bug was announced, or were busy doing so. Yahoo, it turned out on Tuesday, was still relatively vulnerable, as is evident from a Fox-IT blog article, as were dozens of other sites from the Alexa Top 1000 of globally popular sites, such as Kickass Torrents, OKCupid and XDA Developers. Otto.nl and WeTransfer were vulnerable as well.

Administrators of smaller sites are also much slower to update, and this is especially serious for web shops. In a quick tour of large to medium-sized web shops, Tweakers found fifteen vulnerable sites that may leak customer information such as credit card numbers.

In addition, the so-called Heartbleed bug is expected to have an effect on routers. Home users in particular have no idea whether their modem-cum-router is vulnerable, writes The Register. Even if they do know, they depend on the supplier for a firmware upgrade, and older devices will probably not be updated anymore.

The Heartbleed bug became known on Tuesday. The bug is in OpenSSL, which many services around the world use for the SSL encryption of their sites. It sits in the 'heartbeat' extension, which lets computers send a message to verify that a system on the other side of the SSL connection is still online and can respond.

It turned out to be possible to use a malicious heartbeat message to coax a server into giving up the contents of its memory. This could expose, among other things, passwords and credit card information. Little technical knowledge is said to be required to exploit the vulnerability, and the leak is said to have been in the software for two years.