It's been a month since the Heartbleed bug was announced, so I thought I'd rescan the Internet (port 443) to see how many systems remain vulnerable. Whereas my previous scan a month ago found 600,000 vulnerable systems, today's scan found roughly 300,000 systems (318,239 to be precise).
The numbers are a little strange. Last month, I found 28-million systems supporting SSL, but this month I found only 22-million. I suspect the reason is that this time, people detected my Heartbleed "attacks" and automatically firewalled me before the scan completed. Another possibility is that there was more traffic congestion at my ISP this time, which would also reduce the count. (I really need to do a better job of detecting that.)
Last month, I found 1-million systems supporting the "heartbeat" feature (with one third patched). This time, I found 1.5-million systems supporting the "heartbeat" feature, with all but the 300k patched. This implies to me that the first response to the bug was to disable heartbeats, then later when people correctly patched the software, heartbeats were re-enabled. Note that only OpenSSL supports heartbeats, meaning that the vast majority of SSL-supporting servers are based on software other than OpenSSL.
Note: This scan was only port 443. I really should scan for other well-known SSL ports, like SMTP ports. If I get around to that, I'll post the results here.
Note: This was a scan of IPv4 addresses. Scans starting from DNS domain-names produce wildly different results. A lot of news stories focus on things like "the top million domain names", the results of which are unrelated to this scan.
Note: The count "22-million" is that of systems responding to the SSL handshake. There are many more systems that respond to the probe but which do not talk SSL. Most systems that respond with a SYN-ACK make no further communication. Others respond with a banner such as "SSH-2.0-OpenSSH_4.3" or "HTTP/1.0 403 Forbidden" -- which are not SSL.
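To make the bookkeeping behind these counts concrete, here is an added example (my own illustration, not code from the original post or from the scanner used for it) that sorts captured first-response data from a port-443 probe into the categories described above: SYN-ACK with no further data, a non-SSL banner, or an SSL handshake, and then tallies the SSL responders by whether they support heartbeats and whether the heartbeat test came back patched. The `ProbeResult` record, the sample responses and the category names are all constructed for this example; the heartbeat flags are assumed to have been filled in by a separate test step, which is not shown.

```python
"""
Tally port-443 probe responses into the buckets used in the write-up:
'synack-only', 'non-ssl-banner', 'ssl', and for SSL responders
'heartbeat' / 'no-heartbeat' and 'heartbeat-patched' / 'heartbeat-vulnerable'.
Every record below is constructed sample data, not real scan output.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

TLS_HANDSHAKE = 0x16   # TLS record content type for handshake messages
SERVER_HELLO = 0x02    # handshake message type for ServerHello


@dataclass
class ProbeResult:
    ip: str
    first_bytes: bytes                # data sent back after SYN-ACK, empty if none
    heartbeat_supported: bool         # server accepted the heartbeat extension
    heartbeat_patched: Optional[bool] # None when heartbeat was not supported/tested


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a host returned as 'synack-only', 'ssl' or 'non-ssl-banner'."""
    if not data:
        return "synack-only"
    # A TLS handshake record starts 0x16 0x03 0x0N <len16>, followed by the
    # handshake message type; a ServerHello has type 0x02 at offset 5.
    if len(data) >= 6 and data[0] == TLS_HANDSHAKE and data[1] == 0x03 and data[5] == SERVER_HELLO:
        return "ssl"
    return "non-ssl-banner"


def tally(results: Iterable[ProbeResult]) -> Counter:
    """Count responders per category; SSL responders are also split by heartbeat status."""
    counts: Counter = Counter()
    for r in results:
        category = classify_first_bytes(r.first_bytes)
        counts[category] += 1
        if category != "ssl":
            continue
        if not r.heartbeat_supported:
            counts["no-heartbeat"] += 1
            continue
        counts["heartbeat"] += 1
        counts["heartbeat-patched" if r.heartbeat_patched else "heartbeat-vulnerable"] += 1
    return counts


# Constructed sample responses (RFC 1918 addresses, made-up results).
SERVER_HELLO_BYTES = b"\x16\x03\x01\x00\x2a\x02\x00\x00\x26\x03\x01"
SAMPLE_RESULTS = [
    ProbeResult("10.0.0.1", b"", False, None),                              # SYN-ACK, then silence
    ProbeResult("10.0.0.2", b"SSH-2.0-OpenSSH_4.3\r\n", False, None),       # SSH banner, not SSL
    ProbeResult("10.0.0.3", b"HTTP/1.0 403 Forbidden\r\n", False, None),    # plain HTTP, not SSL
    ProbeResult("10.0.0.4", SERVER_HELLO_BYTES, True, True),                # heartbeat on, patched
    ProbeResult("10.0.0.5", SERVER_HELLO_BYTES, True, False),               # heartbeat on, unpatched
    ProbeResult("10.0.0.6", SERVER_HELLO_BYTES, False, None),               # SSL without heartbeat
]


def summarize(results: Iterable[ProbeResult]) -> str:
    """Render the tally in the same shape as the numbers quoted in the post."""
    c = tally(results)
    return (
        f"ssl={c['ssl']} heartbeat={c['heartbeat']} "
        f"patched={c['heartbeat-patched']} vulnerable={c['heartbeat-vulnerable']} "
        f"non-ssl-banner={c['non-ssl-banner']} synack-only={c['synack-only']}"
    )


if __name__ == "__main__":
    print(summarize(SAMPLE_RESULTS))
```

Feeding the six constructed records through `tally` gives three SSL responders, two of which support heartbeats (one patched, one not), plus one SSH banner, one HTTP banner and one silent SYN-ACK, which is the same breakdown the notes above describe at Internet scale.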