Heartbleed OpenSSL Flaw Still Affects 200,000 Devices
Mickeycaskill writes: Despite the rush by vendors and software developers to issue fixes for the notorious Heartbleed OpenSSL flaw, 200,000 connected devices have still not been patched — eighteen months after discovery. Figures from Internet of Things (IoT) search engine provider Shodan show not all admins have been quick to fix their systems, while some security experts suggest the world will never be free of Heartbleed, which at one point was present on 220 million downloaded Android applications. "Clearly, some manufacturers and IT teams have dropped the ball, and failed to update vulnerable systems," said expert Graham Cluley. "My bet is that there will always be devices attached to the internet which are vulnerable to Heartbleed."
& we must still pretend we have secrets?
Affected?
dumb bitch
If you steal my home router's private key (btw it's not publicly accessible anyway, but the point stands), what could you do with it? MITM _other_ hackers into your own honeypot version of my home router?
With the precious "IoT" everywhere, 200k devices is a meaningless number.
You get what you pay for.
This is why we need to start requiring five years of security patches for embedded devices the same way we require warranties. Hardware companies don't give a single fuck, and won't until they're forced to.
Does anyone think those "Linksys"-type "home routers" (lol) that everyone seems to swallow up like crack will ever get fixed?
Nope.
They'll sell you the device, though. No problem. Good luck if it ever gets more than a single firmware update, *ever*.
And no, smug slashdot guy, you're not clever for putting tomato or DD-WRT on your Linkshit so-called "router". You're obviously not the part of the problem the article is about, so save it.
How many devices had the flaw when it was discovered? 200,000 is a tiny fraction of the original total.
Will there always be devices attached to the internet that we care about being vulnerable to Heartbleed that are?
Seems like a rather small number if the IOT is supposed to take over, and this is where most of the un-patched code lies...