One month after the disclosure of the Heartbleed security hole, a researcher specializing in Internet security estimates that around 300,000 servers remain exposed.
The finding was published by security researcher Robert David Graham on the team's blog, Security Errata. The figure of 300,000 exposed servers comes from a global Internet scan carried out by Errata members.
According to this scan, some 1.5 million servers worldwide use the OpenSSL feature that allows the Heartbleed bug to work. Of these, 318,239 systems remain vulnerable to it.
However, as explained, this figure counts only confirmed cases; there may be further systems that were not counted, either because of some spam blocking they were using or because of a particular OpenSSL configuration.
The number is alarming because the damage Heartbleed can cause is significant. Although large organizations have rushed to "shield" their servers against the threat, damage can still come from servers used by services and organizations that are not as technologically advanced.
It is worth remembering that if a server is vulnerable to the attack, anyone can use Heartbleed to obtain personal codes, security keys or even gain full control of a section of the website.