Why So Many Sites Are Still Vulnerable to Heartbleed

A recent study, conducted by Netcraft, has revealed only 14% of sites have successfully secured their servers since the Heartbleed bug was exposed in April this year.

Once identifying the vulnerability, in order to secure a site owners had to replace their SSL certificates, revoke the old ones and change their private keys. However of the 300,000 sites which have attempted to patch their servers 57% of sites have not revoked or reissued their SSL certificates and 21% of sites that have reissued their certificates have not revoked the originals.

Failure to complete all three steps has resulted in some sites being even more vulnerable than before. If keys have been compromised it renders replacing the certificates moot; having the key allows a hacker to decrypt sensitive information and perform man-in the-middle attacks.

If you think your site may be vulnerable and would like some guidance on how to successfully secure your servers, speak to one of our technical experts today.  As well as being a reseller for a number of vulnerability and patch management software packages, such as Secunia, we also provide in-house security auditing, which includes vulnerability assessment, web applicaton testing and patch management.


Call us 0333 370 2202

Or email us: enquiries[@]signalnetworks.co.uk