According to the Re/code website, the Heartbleed vulnerability that shook the entire Internet last week caused panic. However, the latest report shows that most websites have been updated to fix this vulnerability. Internet security company Sucuri conducted a systematic scan of 1 million websites. The results showed that most of the top 1000 websites by traffic are secure: they have been upgraded and have re-created their certificates and keys. These include Google, Facebook, YouTube, Pinterest, Wikipedia, Twitter, LinkedIn and Bing.
However, it is recommended that you change your username and password for the sake of security. Only 53 of the top 1000 websites still have security vulnerabilities. However, Sucuri did not publish the names of these websites.
However, the bad news is that 2% of the 1 million websites scanned by Sucuri (about 20 thousand) still have security vulnerabilities. Sucuri found that the more famous the website, the more likely it is to have fixed the vulnerability.
In addition, Sucuri detected 48 thousand scans of websites for the Heartbleed vulnerability, most of which can be traced to scanning tools running on Amazon EC2 IP addresses. What's worse, hackers can easily use these scans to attack websites that still have the vulnerability.
The Heartbleed vulnerability was disclosed last week. Basically, Heartbleed exploits a vulnerability in OpenSSL, the Web security software, to allow hackers to easily steal information stored on users' computers, including user names, passwords, and other sensitive data. In addition, hackers can also use the Heartbleed vulnerability to steal server authentication keys, so as to impersonate a legitimate server, win users' trust, and trick them into giving up their usernames and passwords.