123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Computers >> View Article

90% Of Impacted Cloud Providers Still Haven’t Updated Certificates 1 Week After Heartbleed

Profile Picture
By Author: Lauren Ellis
Total Articles: 35
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

As we’ve reported, hundreds of cloud providers were vulnerable to the Heartbleed bug in OpenSSL even days after the vulnerability was widely publicized. Looking at the latest data pulled this morning, much progress has been made and there are only 42 Cloud Security services that are vulnerable to Heartbleed. For these services, user data, passwords, and private keys for these services can be stolen using a simple exploit.

However, more alarming today is the number of cloud services that have not fully addressed their past vulnerability. After patching SSL, the next step cloud providers must take is to reissue their certificates. As reported by CloudFlare, Heartbleed can be used by an attacker to access private keys and impersonate a website. Since Heartbleed exploits don’t leave a trace in server logs, cloud providers must assume their private keys have been compromised even if they don’t have any evidence of them being stolen.

Certificate updates trail Heartbleed patching
Most websites have patched SSL but they are reissuing and revoking certificates ...
... at a much slower pace. Netcraft reported that only 30,000 websites (out of more than 500,000) reissued new certificates by the end of last week, and even fewer have revoked their certificates. While not completely eliminating the risk of a man-in-the-middle attack (MITM) this is a critical step in reducing the risk of these attacks.

Skyhigh is tracking certificate updates across cloud providers and as of this morning only 13.3% of Cloud Security service providers affected by Heartbleed have updated their certificates. A smaller percentage have both reissued and revoked their certificates, making them vulnerable to impersonation in a phishing scam or man-in-the-middle attack. Most certificate authorities have agreed to replace certificates for free, but there are complaints they aren’t prepared for the volume of certificates that need to be reissued.

Already we’re seeing that Heartbleed has exposed not just a vulnerability in SSL but vulnerabilities in the way we approach security. According to security researcher Bruce Schneier:
“We’ve learned how hard the human aspects of a security system are to coordinate. We’re learning that we don’t have the infrastructure necessary to quickly revoke millions of certificates and issue new ones. We’re learning that some of our critical open-source software is maintained by volunteers who have busy lives, and that often no one else is evaluating that software’s security. We’re learning how complicated the process of disclosing a vulnerability of this magnitude is.”

Cleaning up and determining your exposure
Aside from critical infrastructure your company uses, corporate IT departments are being asked to quantify their exposure. With over 96% of companies using cloud services impacted by Heartbleed, the chances that your sensitive data was vulnerable is extremely high. Skyhigh has already provided our customers with the Cloud Security services they use that were impacted, and we’re extending those audits to any company for free.

Author :
Lauren Ellis is a research analyst covering the technology industry’s top trends & topics, focusing on Cloud Security, Cloud Computing, Data Loss Prevention etc.,

Total Views: 483Word Count: 496See All articles From Author

Add Comment

Computers Articles

1. Scraping Dan Murphys Liquor Products Details Data
Author: FoodDataScrape

2. Blue Wizard Liquid Drops 30 Ml 2 Bottles Price In Lahore
Author: bluewizard.pk

3. How Does Blockchain Resolve Data Privacy And Security Issues For Businesses?
Author: Severus Snape

4. Scrape Quick-commerce Data From Deliveroo Hop Uae
Author: FoodDataScrape

5. Web Scraping Quick-commerce Data From Noon Minutes Uae
Author: FoodDataScrape

6. Helical Insight: Best Open Source Data Visualization Tool In 2025
Author: Vhelical

7. Scrape Top Selling Grocery Product Data From Walmart Usa
Author: FoodDataScrape

8. Extract Quick Commerce Data From Flipkart Minutes
Author: FoodDataScrape

9. Refurbished Laptop Scams And How To Safely Buy A Trusted Device
Author: Sujtha

10. Web Scraping Freshco Supermarket Product Data In Canada
Author: FoodDataScrape

11. How To Compare Two Lists In Excel​: A Definitive Guide For Data Professionals
Author: blackjack

12. Monthly Updated Uber Eats Menu Dataset For 500k+ Restaurants
Author: FoodDataScrape

13. Extract Mcdonalds Store Locations Data In Usa For Competitiveness
Author: FoodDataScrape

14. Scrape Spicy Food Trend Data In Usa 2025 For Competitive Advantage
Author: FoodDataScrape

15. Why Startups Should Invest In Custom Software Development Service
Author: Albert

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: