Most top corporates still Heartbleeding over the internet

A depressing 76 percent of the top 2000 global organisations have public-facing systems still exposed to Heartbleed, researchers say. The exposure means attackers could nab passwords, login cookies, private cryptographic keys and more using the vulnerability first disclosed 12 months ago. Australia is the least-repaired …

  1. veti Silver badge

    What is a "top 2000 global organisation"

    ... and where do I apply to become one?

    I looked through the linked PDF, and there's not a word that actually defines what the term means. Only when you get to the references, is there a pointer to Forbes.com's "global 2000", which I'm guessing means that's the answer.

    And of course, most of those companies are multinationals. So these industrious hackers have been "testing" and discovering that servers in different countries, but belonging to the same companies, are in different states of patchedness. A server belonging to HyperGlobalMegaNetCorp in Germany is more likely to be patched than one in Australia.

    So much for globalisation...

  2. Infernoz Bronze badge

    Oracle server /still/ uses insecure SSL negotiation on their public blog site!

    My Thunderbird is configured to refuse this, and I'm not downgrading its security; shame on Oracle, who damned well ought to know better, including for several internal oraclecorp sites with other obvious security issues!

  3. Christian Berger

    My favourite is Teles AG in Germany

    Their "support forum" they use to publish firmware images also runs on a Windows machine with an affected version of OpenSSL, it even says so right in the directory listings. So if you would execute the attack on this, you'd probably get the password to put new firmware images on there.
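The comment above points at a server whose directory listing advertises an affected OpenSSL build. As an added defender's example (not code from the article or its commenters), here is a triage helper that classifies advertised OpenSSL version strings by Heartbleed status, using the public affected range (1.0.1 through 1.0.1f and 1.0.2-beta1; fixed in 1.0.1g and 1.0.2-beta2); the sample banners are constructed.

```python
import re

# OpenSSL version as it appears in Apache-style Server headers and listing footers,
# e.g. "OpenSSL/1.0.1e" or "OpenSSL/1.0.2-beta1" (assumed banner format).
VERSION_RE = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?", re.IGNORECASE)


def openssl_heartbleed_status(banner: str) -> str:
    """Return 'vulnerable', 'patched', 'unaffected' or 'unknown' for a banner string."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unknown"  # no OpenSSL version advertised at all
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    letter, beta = m.group(4).lower(), m.group(5)
    if (major, minor, patch) < (1, 0, 1):
        # 0.9.8 and 1.0.0 never shipped the TLS heartbeat extension
        return "unaffected"
    if (major, minor, patch) == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f are affected; 1.0.1g carried the fix
        return "vulnerable" if letter <= "f" else "patched"
    if (major, minor, patch) == (1, 0, 2):
        # only the first 1.0.2 beta was affected; beta2 and the final release were fixed
        return "vulnerable" if beta is not None and int(beta) == 1 else "patched"
    return "patched"  # 1.1.x and later branches were released after the fix


# Constructed sample banners, not taken from any real host on the page.
SAMPLE_BANNERS = [
    "Apache/2.2.22 (Win32) OpenSSL/1.0.1e PHP/5.4.15",
    "Apache/2.4.9 (Unix) OpenSSL/1.0.1g",
    "Apache/2.2.15 (CentOS) OpenSSL/1.0.0-fips",
    "Apache/2.4.7 (Unix) OpenSSL/1.0.2-beta1",
    "nginx/1.4.7",
]


def triage(banners):
    """Map each banner to its Heartbleed status so exposed hosts can be prioritised."""
    return {b: openssl_heartbleed_status(b) for b in banners}


if __name__ == "__main__":
    for banner, status in triage(SAMPLE_BANNERS).items():
        print(f"{status:<11} {banner}")
```

A banner is only a hint: distributions backport fixes without changing the advertised version (a patched 1.0.1e is common), so treat "vulnerable" as a lead for an authoritative check of the installed package, not as proof.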

  4. Anonymous Coward

    Re: or simply don’t grasp the gravity of the situation

    I would like to suggest yet another possibility:

    Organizations do fully grasp the gravity of the situation, but are simply unable to respond. In the case of my current job, a key system is known to be vulnerable to Heartbleed. Being a government agency, when the security spooks scream "Patch that!" you need a damn good reason not to. That damn good reason: the vendor didn't patch the OS. So they stuck it behind a firewall. This may get patched somewhere in the next year or two when they replace the system. But the system is huge and they need a clean migration path since the server supports a couple hundred thousand accounts.

  5. Anonymous Coward

    Does this include banks?

    If these statistics apply to the bank industry as well, how does this affect the economy exactly?

    I am concerned: if my bank can be hacked and they take my money out, is it insured by the FDIC?
