Half of websites using Open SSL security software vulnerable

More than half of all websites deploying the commonly used security software Open SSL are still vulnerable to cyber attack nine months after the discovery of Heartbleed, the security bug.

Sites are failing to protect their users by updating the key Open SSL software, with 56 per cent of sites using a version that dates back four and a half years, according to a report by Cisco.

The Heartbleed bug, discovered in April last year by cyber security researchers, is a fundamental flaw in a software used across two-thirds of websites, allowing hackers to request information such as passwords stored in a computer's short term memory.

John Stewart, Cisco's chief security officer, said users did not know whether websites they are visiting are safe. Hackers used Heartbleed to hit the Canadian tax authority's website and the UK parenting website Mumsnet, among other services.

"When we travel around the internet, we don't know if we're going to current versions or not current versions," he said. "More than half of the sites are using very vulnerable versions of SSL."

He added that "patching", or updating software, was a key way of lowering a company's cyber risk and it is not clear why they are not doing it when they had had "plenty of time". Browsers are also often not kept up to date, the report found, with only 10 per cent of Internet Explorer requests coming from the most recent version of the programme, and 64 per cent of Google Chrome requests.

Last year saw the discovery of significant vulnerabilities in the basic architecture of the internet that security researchers said could have been used by cyber criminals for years. Companies including Google and Facebook rushed to shore up their systems before the Heartbleed bug was announced for fear cyber criminals would take advantage of it as soon as it became public.

<

The tabular content relating to this article is not available to view. Apologies in advance for the inconvenience caused.

Cisco's annual security report also found that spam had soared in 2014, reversing a decline in number of emails sent to rise 250 per cent last year. Mr Stewart said: "Spam is back but it is different. It is not your grandmother's spam."

Spammers are getting better at thwarting the filters designed to catch them, said Jason Brvenik, principal engineer for Cisco, by sending a few messages from 100s of accounts, rather than hundreds of thousands from the same server. Like marketers, spammers are paying attention to click through rates on their emails and adapting their message to make it more effective, he added.

© The Financial Times Limited 2015. All rights reserved.
FT and Financial Times are trademarks of the Financial Times Ltd.
Not to be redistributed, copied or modified in any way.
Euro2day.gr is solely responsible for providing this translation and the Financial Times Limited does not accept any liability for the accuracy or quality of the translation