That's 12,000 websites too cheap to pay for security and some tech.
It's the bug that keeps on bleeding. Thousands of websites are still vulnerable to Heartbleed more than a month after a patch for the password-leaking OpenSSL bug was released, we're told. Researchers at AVG’s Virus Labs said they scanned Alexa's league table of the top 800,000 sites in the world, and found 12,043 (1.5 per …
All the hearts bleeding over a vulnerability in Linux web servers but still no concern about the total lack of certificate revocation in iOS, Android or Chrome (all Chromium) web browsers. https://www.grc.com/revocation/implementations.htm
Another security FAIL from developers who just don't care and Users that don't either... The human race must deserve itself.
If you understand the vulnerability and its ramifications, you'd also know that no browser is able to handle a certificate revocation list (CRL) of this magnitude. Obviously we need a better method as people aren't willing to go back to the World-Wide-Wait while the browser attempts to ingest the complete list and then process it. Remember, every one of those previously Heartbleed vulnerable sites invalidated all their certificates, sometimes more than once. Now we are getting into third-party stuff tracing those vulnerable packages as well.