Tuesday, May 13, 2014

How long will our hearts bleed?

Here's an interesting tidbit: Google shows you a lot of information about your posts and the traffic to them.

This is especially interesting because of this article. I first posted it a couple days after Heartbleed came to light when there was lots of attention and activity. But now, weeks later it's still getting a decent amount of traffic. And it certainly isn't the only article about scanning for Heartbleed with nmap (one of my favorites), so we can assume that those other posts are getting as much or more traffic.

Most of the major security vendors have released signatures for Heartbleed at this point, so most of the people searching for cheap ways to scan for Heartbleed are likely working at smaller companies that either don't or can't afford an expensive vulnerability scanner.

My point is that Heartbleed could continue to be an issue for a while. Probably not for larger companies, but for smaller groups with fewer resources to throw at resolving it will probably continue to work on patching for some time.