One month after the disclosure of the Heartbleed security hole, a researcher specializing in Internet security estimates that around 300,000 servers remain exposed.
The finding was published by security researcher Robert David Graham on the blog of the research team Errata Security. The figure of 300,000 exposed servers came from a global Internet scan by Errata members.
According to this scan, 1.5 million servers worldwide use the OpenSSL feature that allows the Heartbleed bug to work. Of these, 318,239 systems remain vulnerable to it.
However, as explained, this figure counts only confirmed cases, and there may also be systems that were not counted, either because of some spam blocking they were using or because of some particular OpenSSL configuration.
The number is worrying because the damage that Heartbleed can cause is significant. Although large organizations were quick to "shield" their servers against the threat, the damage can come from servers used by services and organizations that are not so technologically advanced.
It is worth recalling that as long as a server is vulnerable to attack, anyone can use Heartbleed to obtain personal passwords and security keys, or even gain full control of a section of the website.