Heartbleed Bleeds On
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
The recent Heartbleed scare revealed that millions of servers around the world were vulnerable to an SSL-based attack that could compromise private keys and thus allow an intruder to break into supposedly encrypted and secure Internet services. Heartbleed was widely reported and was considered a wake-up call for software developers, webmasters, and security specialists to get serious about fixing broken software and keeping systems up to date.
But according to a study by Venafi Labs, the Heartbleed cleanup remains unfinished. The study investigated servers for 1,639 companies around the world and found that 99% had checked and patched the actual Heartbleed flaw, but only 3% had made the effort to change their original private key. If any of these servers using the previous private key were subject to a Heartbleed attack prior to the patch, they are still vulnerable.
In an interview with The Register, Venafi VP Kevin Bocek explains, “Mopping up after an incident isn’t as simple as it used to be …. You can’t just stick a patch on it and call it done.”
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Red Hat Releases RHEL 10 Early
Red Hat quietly rolled out the official release of RHEL 10.0 a bit early.
-
openSUSE Joins End of 10
openSUSE has decided to not only join the End of 10 movement but it also will no longer support the Deepin Desktop Environment.
-
New Version of Flatpak Released
Flatpak 1.16.1 is now available as the latest, stable version with various improvements.
-
IBM Announces Powerhouse Linux Server
IBM has unleashed a seriously powerful Linux server with the LinuxONE Emperor 5.
-
Plasma Ends LTS Releases
The KDE Plasma development team is doing away with the LTS releases for a good reason.
-
Arch Linux Available for Windows Subsystem for Linux
If you've ever wanted to use a rolling release distribution with WSL, now's your chance.
-
System76 Releases COSMIC Alpha 7
With scores of bug fixes and a really cool workspaces feature, COSMIC is looking to soon migrate from alpha to beta.
-
OpenMandriva Lx 6.0 Available for Installation
The latest release of OpenMandriva has arrived with a new kernel, an updated Plasma desktop, and a server edition.
-
TrueNAS 25.04 Arrives with Thousands of Changes
One of the most popular Linux-based NAS solutions has rolled out the latest edition, based on Ubuntu 25.04.
-
Fedora 42 Available with Two New Spins
The latest release from the Fedora Project includes the usual updates, a new kernel, an official KDE Plasma spin, and a new System76 spin.