Heartbleed

More than a year after its introduction, the notorious HeartBleed security flaw remains a threat to more than 200,000 internet-connected devices.

This according to Shodan, a search tool that (among other things) seeks out internet-of-things (IoT) connected devices. Founder John Matherly posted a map the company built showing where many of the world's remaining vulnerable devices lay.

A detailed analysis by cybersecurity experts from the University of Maryland found that website administrators nationwide tasked with patching security holes exploited by the Heartbleed bug may not have done enough.

First disclosed in April 2014, Heartbleed presents a serious vulnerability to the popular OpenSSL (Secure Sockets Layer) software, allowing anyone on the Internet to read the memory of systems that are compromised by the malicious bug.

Further details are emerging on the massive data breach at US hospital operator Community Health Systems (CHS) that saw around 4.5 million patient records being leaked.

Security vendor TrustedSec claimed yesterday that the "Heartbleed" in the open source cryptographic library was to blame for the data breach.

Insufficient web hosting security has been a subject of concern lately as successful online security breaches, like the widely publicized HeartBleed bug, have made waves across the media.

The wounds caused by Heartbleed remain at the front of many minds, just a few weeks after a bug in the OpenSSL cryptographic library threatened to throw the world's Internet population under the bus.

The flaw could have allowed hackers to reveal contents of secured communications — such as passwords and credit card transactions. But to make matters worse, the fears around the flaw were only compounded when another separate vulnerability was found, this time in OAuth and OpenID, a few weeks later.