Heartbleed bug still compromises websites

The Bleeding Heart Dove - Wikimedia CommonsA bug that compromised systems in April this year still poses threats despite patches made to cover the security hole.

According to researchers at the University of Maryland, website administrators are still at threat from the Heartbleed bug.

The malefic sofware compromises the OpenSSL (secure sockets layer) making it possible for those with a malicious bent to read the memory of systems.

The Maryland researchers looked at a million sites in the United States in a bid to discover whether sys admins applied the correct protocols to prevent the bug.

While nearly 93 percent of web administrators patched the hole within three weeks of the arrival of Heartbleed, the researchers found only 13 percent followed up with other measures to make their systems bulletproof.

Sys admins should have patched OpenSSL software, revoke current certificates and re-issue new ones, said the researchers.

If these measures hadn’t been taken, attackers with a website private key could still pose as a website.