Most People and Sites Did Nothing to Address Heartbleed

Heartbleed

After all the alarmed coverage in the media, after all the advice to change passwords and patch affected websites, how worried did we all get about the Heartbleed vulnerability, really? Not so much, it seems, according to two bits of research that studied responses from people on different ends of the spectrum — everyday consumers and website operators. The newest findings out on Friday from the U.K.-based Internet security firm Netcraft, which has been tracking the progress of sites affected by the bug. There are two things those sites have been advised to do: First, update the version of OpenSSL, the open source security software where the vulnerability was found; second, revoke and reissue the certificates used to prove they are who they say they are. According to Netcraft’s data, 57 percent of sites affected by Heartbleed have taken no action whatsoever.

Read the full story at re/code.

Author: