When the knowledge of Heartbleed became public two months ago, the Internet went into a password-changing, server-adjusting tailspin. The vulnerability hit about 600,000 systems initially. In the first month, about half of these were patched, bringing it down to around 300,000 vulnerable servers.
On Saturday, Errata Security did a scan to determine how many systems were still vulnerable. They found a staggering number — 309,197 systems remain affected by Heartbleed. So, basically, in the last month nothing has changed.
Robert Graham at Errata Security found these vulnerabilities by scanning the port 443. Graham has not yet checked other ports, so perhaps more systems have been affected.
Graham believes "this indicates people have stopped even trying to patch." He will continue to track system vulnerabilities next month, at the six-month mark and yearly thereafter.
Because of this, it is a good idea to install a Heartbleed detector on your own system. Chrome offers a great one, called Chromebleed.
This article is from the archive of our partner The Wire.