• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

PyPI maintainers alert users to email verification phishing attack

 | 

FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms

 | 

Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

 | 

Orange reports major cyberattack, warns of service disruptions

 | 

Hackers leak images and comments from women dating safety app Tea

 | 

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

 | 

Seychelles Commercial Bank Reported Cybersecurity Incident

 | 

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

 | 

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Intelligence
  • Security
  • Statistics on the impact of Heartbleed on Select Top Level Domains

Statistics on the impact of Heartbleed on Select Top Level Domains

Pierluigi Paganini April 11, 2014

The Heartbleed Bug is probably the most serious menace to the modern Internet, a serious flaw in the popular OpenSSL library that is having a great impact.

It’s been just over 48 hours after the disclosure of the news about the Heartbleed vulnerability, the serious flaw which affect OpenSSL library that allows an attacker to reveal up to 64kB of memory to a connected client or server.

There are many assumptions made in these days, the bug is the result of a programming error or has been intentionally introduced? And by whom? As usual happen in these cases, security experts try to evaluate the impact of the vulnerability.

The Heartbleed bug is probably the biggest security threats in the story of the Internet, it affected many popular websites and web services including Facebook and Gmail, but the disconcerting truth is that the flaw could have exposed users’ sensitive account information over the past two years. Another aspect to consider is that probably Governments, just after the disclosure of Heartbleed vulnerability, immediately started to exploit the flaw to collect these precious information.

“My guess is that when Heartbleed became public, the top 20 governments in the world started exploiting it immediately,” commented Bruce Schneier.

But I add that probably many of the 20 governments were already aware of the flaw with critic consequences.

A good starting point could be the evaluation of  the Top Level Domain (TLD) names of the top 1,000,000 domains ranked by Alexa.

Experts at TrendMicro have analyzed all websites which use SSL distinguishing “vulnerable” from “safe”, nearly 5% are affected by the Heartbleed flaw (CVE-2014-0160) have extension .KR and .JP. It’s interesting to note that top five countries include .RU, .CN and GOV sites.

heartbleed SSL scan results

On the other hand, countries like France and India have a low number of vulnerable websites under FR and IN TLDs.

“We just think of a few theories why this is so. Maybe they haven’t updated to the version of OpenSSL, which was vulnerable. They could also have immediately patched vulnerable sites. Another possible reason is that these countries don’t use much machines with the most recent versions of Linux.” commented Maxim Goncharov, Senior Threat Researcher at TrendMicro

Web portal Ars Technica reported that MediaMonks of the Netherlands had evidence of exploit attempts going back to November 2013, the source IP addresses for those attacks belong to a botnet.

Net monitoring company Netcraft suggested that  nearly 500,000 servers were vulnerable to the Heartbleed bug, I’m using the past verb because the situation is in continuous evolution.

“Our most recent SSL Survey found that the heartbeat extension was enabled on 17.5% of SSL sites, accounting for around half a million certificates issued by trusted certificate authorities. These certificates are consequently vulnerable to being spoofed (through private key disclosure), allowing an attacker to impersonate the affected websites without raising any browser warnings.” reports Netcraft.

heartbleed extention support

In the above graph it is possible to note that just a small percentage of Microsoft web servers support the TLS heartbeat extension, as remarked by Netcraft Linux machines acting as reverse proxy front ends to Windows servers are most affected.

It is strongly suggested to revoke and replace certificates at risk of compromise, website administrators are invited to update OpenSSL.

To check  if your HTTPS website might be vulnerable you can used the following form proposed by Netcraft.


Netcraft site report
 

URL:

 

Let me close with a list published by Mashable that contains the principal web companies and provide information for the update status of their platform suggesting users to change their password if needed.

heartbleed affected companies

 

Pierluigi Paganini

(Security Affairs –  OpenSSL, Heartbleed)


facebook linkedin twitter

botnet CVE-2014-0160 encryption Hacking Heartbleed OpenSSL side-channel attack TLS

you might also like

Pierluigi Paganini July 30, 2025
PyPI maintainers alert users to email verification phishing attack
Read more
Pierluigi Paganini July 29, 2025
Orange reports major cyberattack, warns of service disruptions
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    PyPI maintainers alert users to email verification phishing attack

    Hacking / July 30, 2025

    FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms

    Cyber Crime / July 30, 2025

    Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

    Malware / July 30, 2025

    Orange reports major cyberattack, warns of service disruptions

    Security / July 29, 2025

    Hackers leak images and comments from women dating safety app Tea

    Data Breach / July 29, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT