More than a month after Heartbleed was announced, thousands of websites remain vulnerable to the bug.
Researchers at AVG have investigated the top 800,000 sites visited worldwide and discovered that 12,043 are still vulnerable. This includes government-run websites in Asia and Brazil. The most popular websites such as Facebook have been patched, but users should change their passwords if they have not already.
Heartbleed affected OpenSSL’s security protocols, a functionality that was introduced years ago but only revealed last month. It allows attackers to search through the memory of a server, router, or another vulnerable device for sensitive data such as passwords and crypto-keys.
The websites known to have been affected are available here.
