An effort is currently underway to switch Google Chrome over to BoringSSL, an OpenSSL fork the search engine giant announced last month. Weaning the world’s most popular browser off of the two cryptographic software libraries it currently uses (OpenSSL on Android and Mozilla NSS on all other platforms) is proving somewhat difficult at this early stage, though.
Even after applying a Heartbleed patch, many websites are still vulnerable
Heartbleed received a ton of media attention, and for good reason -- the security flaw in OpenSSL caught the Internet with its collective pants down, which in turn prompted website owners, IT workers, and web admins to all go scrambling for a fix. Now that there's a patch available, are we once again safe? Not really, says AVG, According to AVG, thousands of popular websites need to update their servers to stay protected from a new vulnerability.
Many a heart skipped a beat when it emerged earlier this month that millions of web servers around the world were vulnerable to a yawning hole in the open-source OpenSSL cryptographic software library. The discovery sent IT execs and web admins around the world scampering to plug the hole. Ten days after coverage of Heartbleed first began, security research firm Sucuri decided to scan the Internet’s top one million websites (as ranked by Alexa) to see how many of them were still vulnerable.
Website owners far and wide scramble to fix a major vulnerability
This has been one of the busier weeks in recent history for IT workers and web admins. Earlier this week, researchers discovered a major flaw in OpenSSL, an open source encryption technology that's utilized by an estimated two-third of the world's websites. They're calling it "Heartbleed." By exploiting the bug, cybercriminals can comb through a server's memory and pluck sensitive user data, including usernames, passwords, credit card numbers, and more.