Thursday, 10. April 2014

Heartbleed Vulnerability Affects 5% of Select Top Level Domains from Top 1M

To gauge the impact of the Heartbleed vulnerability, we scanned the Top Level Domain (TLD) names of certain countries, extracted from the top 1,000,000 domains by Alexa. We then separated the sites that use SSL and classified those as either “vulnerable” or “safe.” The data we gathered revealed some interesting findings.

At the moment, around 5% of the scanned SSL sites overall are affected by CVE-2014-0160. The TLDs with the largest percentage of vulnerable sites are .KR and .JP. It’s interesting to note that sites from the .GOV TLD rank fifth on the list.

Figure 1. A breakdown of vulnerable sites per country

On the other hand, we see a significantly lower number of vulnerable sites under the .FR and .IN TLDs. We can think of a few theories as to why this is so. Maybe these sites haven’t updated to the version of OpenSSL that was vulnerable. They could also have patched vulnerable sites immediately. Another possible reason is that in these countries relatively few servers run the most recent versions of Linux (and so use older versions of OpenSSL that do not have this vulnerability).
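The per-TLD breakdown described above (keep only the hosts that offer SSL, classify each as vulnerable or safe, then compute and rank the vulnerable share per TLD and overall) is easy to get subtly wrong when a TLD has no SSL hosts at all. The following is an added example written for this page, not the scan tooling behind the post; the record layout `(hostname, uses_ssl, vulnerable)` and the sample records are constructed assumptions, and the numbers they produce have nothing to do with the figures reported above.

```python
"""Per-TLD aggregation of Heartbleed scan results (added example).

Assumes scan records shaped as (hostname, uses_ssl, vulnerable); the
records below are constructed sample data, not the blog's scan output.
"""
from collections import defaultdict

# Constructed sample records: (hostname, uses_ssl, vulnerable_to_cve_2014_0160).
# A site that does not offer SSL cannot be tested for the bug and is excluded
# from the percentages, mirroring the post's "separate the sites which use SSL".
SAMPLE_SCAN = [
    ("shop.example.kr", True, True),
    ("news.example.kr", True, False),
    ("mail.example.jp", True, True),
    ("blog.example.jp", False, False),
    ("portal.example.gov", True, False),
    ("data.example.gov", True, True),
    ("site.example.fr", True, False),
    ("site2.example.fr", False, False),
    ("plain.example.in", False, False),
]


def tld_of(hostname):
    """Return the last DNS label, upper-cased as in the post (.KR, .JP ...)."""
    return hostname.rstrip(".").rsplit(".", 1)[-1].upper()


def aggregate_by_tld(records):
    """Count SSL-enabled and vulnerable hosts per TLD.

    Returns {tld: (ssl_hosts, vulnerable_hosts)}. Hosts without SSL are
    counted neither way, so a TLD with no SSL hosts is reported as (0, 0).
    """
    counts = defaultdict(lambda: [0, 0])
    for hostname, uses_ssl, vulnerable in records:
        tld = tld_of(hostname)
        counts[tld]  # touch the key so the TLD appears even with no SSL hosts
        if uses_ssl:
            counts[tld][0] += 1
            if vulnerable:
                counts[tld][1] += 1
    return {tld: tuple(v) for tld, v in counts.items()}


def vulnerable_percentages(counts):
    """Percentage of SSL hosts that are vulnerable per TLD, ranked highest first.

    A TLD with no SSL hosts gets None instead of a division by zero and is
    listed after every TLD that could actually be measured.
    """
    rows = []
    for tld, (ssl_hosts, vuln) in counts.items():
        pct = None if ssl_hosts == 0 else round(100.0 * vuln / ssl_hosts, 1)
        rows.append((tld, ssl_hosts, vuln, pct))
    rows.sort(key=lambda r: (r[3] is None, -(r[3] or 0), r[0]))
    return rows


def overall_percentage(counts):
    """Share of all SSL hosts (across every TLD) that are vulnerable."""
    ssl_total = sum(c[0] for c in counts.values())
    vuln_total = sum(c[1] for c in counts.values())
    return None if ssl_total == 0 else round(100.0 * vuln_total / ssl_total, 1)


if __name__ == "__main__":
    counts = aggregate_by_tld(SAMPLE_SCAN)
    print(f"overall: {overall_percentage(counts)}% of SSL hosts vulnerable")
    for tld, ssl_hosts, vuln, pct in vulnerable_percentages(counts):
        shown = "n/a (no SSL hosts)" if pct is None else f"{pct}%"
        print(f".{tld:<4} ssl={ssl_hosts:<3} vulnerable={vuln:<3} {shown}")
```

The denominator matters for the kind of comparison made in the post: dividing by all hosts in a TLD rather than by the SSL-enabled ones would make a TLD with little HTTPS adoption look safer than it is, which is why non-SSL hosts are dropped before the percentage is computed.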

We are going to rescan selected TLDs in a few days to monitor possible changes. In the meantime, we advise website administrators to update OpenSSL to protect their users.

Update as of April 10, 2014, 10:18 A.M. PDT: The title has been edited for clarity.

For more on the Heartbleed bug, see these other posts:

•  Trend Micro Heartbleed Detector Now Available
•  Bundled OpenSSL Library Also Makes Apps and Android 4.1.1 Vulnerable to Heartbleed
•  Heartbleed Bug—Mobile Apps are Affected Too
•  Skipping a Heartbeat: The Analysis of the Heartbleed OpenSSL Vulnerability

Post from: Trendlabs Security Intelligence Blog - by Trend Micro