Heartbleed’s Long Dangerous Tail

It’s been two weeks since the Heartbleed bug was disclosed, and, here at 6Scan, we’re encouraged that 99% of the sites we scan, and 100% of the sites we protect, are unaffected by this critical vulnerability.

Unfortunately, the 1% of sites we scan that are affected represent thousands of destinations with millions of monthly page views. We’ve researched these sites and grouped them by Alexa rank (see image below). The vast majority belong to the internet’s “long tail”: small sites, ranking outside the Alexa top 1,000,000, that serve niche communities and special interests.

It’s tempting to marginalize these vulnerable sites because of their size, but don’t. Left unchecked, these small sites put everyone at risk.

Why? Breaching small sites is an essential part of the black-hat economy. They provide the resources for hosting phishing pages, infecting consumers, evading malicious-IP blacklisting, launching DDoS attacks and many other nefarious activities. Protecting these sites, and their visitors, is critical to the ongoing viability of the internet.

While Heartbleed had many of us primarily concerned with larger properties and institutions running vulnerable OpenSSL versions, it’s important to remember that small sites pose a threat as well. If you’re concerned about the smaller sites you visit, a variety of tools claim to report a website’s OpenSSL status, including this one.

The chart below shows the breakdown of affected Heartbleed websites by Alexa rank. 1.3% of the vulnerable sites are within the top 100,000 most trafficked sites on the internet. As a reference point, the site ranked 100,000 would average about 25,000 unique page views per month. What makes the long tail so dangerous is that over 90% of the sites still affected are outside the top 1 million.