In April, it was three years since the first time the Heartbleed safety gap was reported. Behind this rather insignificant name lies a bug in the Heartbeat extension for TLS in OpenSSL. It allows attackers to read out secret SSL keys and thus interfere with connections to the server. And you can do a lot of mischief with it.
When the error became known at the time, he hit great waves and even the attention of the mass media was aroused. Not least, there were also fairly fast solutions to this problem. The patch rate was really high – but it did not arrive at all. It has now been discovered, there are still many servers vulnerable to the Heartbleed vulnerability.
Most vulnerable systems are found in the US, especially among the rental servers at Amazon. But also in South Korea, China and Germany (here are hosters like Strato and 1 & 1) have not yet reigned on the threat and the systems patched. It’s hard to believe, because in the online world, three years can be an eternity – you should have come into action.