Annual Global Census of“Heartbleed” Summary In April 7,2014,the open source network security protocol OpenSSL broke a major vulnerability (CVE-2014-0160), which can lead to disclosure of sensitive information. The vulnerability is discovered independently by Codenomicon and Google’s security engineer, and be released by an programmer named Sean Cassidy. The origin is that there is a bug in the module of Heartbleed, so attacker can use craft packet to obtain the remote memory data that as 64KB long. In the very day of one year anniversary of “Heartbleed”,ZoomEye Team have carried out the regression census of whole IPv4 space. Although influenced ip have been reduced to 14.6%, but there are still a large number(377,221) of IPs with that vulnerability. In view of the fact that it has giving enough repairing time, in order to improve the defense ability of cyber space, this report will release 1000 affected IP followed this paper, hope to arouse the security awareness of the relevant personnel. Review “Heartbleed”is absolutely worthy to known as a epic vulnerability, can be illustrated by the follow data: 1. Affected ip most widespread:ZoomEye Team have carried out the entire network scanning for HTTPS(443)、IMAPS(993)、SMTPS(465)、POP3S(995), found that affected ip number are 2,590,351, its geographical distribution as follow: Figure 1: “Heartbleed” global influence distribution in 2014 According to the affected protocols: Figure 2: “Heartbleed” affected protocols distribution in 2014 According to the affected countries/regions TOP 25: Figure 3: “Heartbleed” affected countries/regions in 2014 2. Affected most manufacturers,include FaceBook,Yahoo!, Taobao, PayPal, JD and other well-known web site, at the same time, a large number of network devices such as router, firewall, cisco, even juniper and legendsec VPN gateway also on the list. 3. Responsed most rapid, ZoomEye team continuous focus on the IPs that affected by the vulnerability, 3 days ago, found the global recovery rate reached a staggering 40%, but the same time, the fixed rate in China is only 18%, still needs to be imporved. Figure 4:“Heartbleed” repair rate of 20 countries in 3 days in 2014 一周年数据分析 After one year o fattack and defense, at the first anniversary of the “Heartbleed”, ZoomEye Team carried out a regression census, through the comparison of two set of data, get a lot of inspiration, the specific data as follows: 1. ZoomEye Team carried out scanning task for whole network IPv4 space of HTTPS(443)、IMAPS(993)、SMTPS(465)、POP3S(995),found the affected ips are 377,221, non-repare rate is only 14.6%, the geographical distribution is as follows: Figure 5:“Heartbleed” global influence distribution in 2015 According to the affected protocols: Figure 6: “Heartbleed” affected protocols distribution in 2015 According to the affected countries/regions TOP 25: Figure 7: “Heartbleed” affected countries/regions in 2014 2. Make sampling test, did not find the site that affected such as FaceBook, Yahoo!, Taobao, PayPal and other well-known sites. 3. Anniversary survey Continuous response rate Figure 8:“Heartbleed” repair rate of 16 countries in one year in 2015 Conclusion After the first anniversary of the before and after comparative analysis of old and new data can be obtained as follows: 1.Global repairment is very efficient. Global IP number which was affected has decreased to 14.6% ; 2.Protocol-dependent manner significantly affected by IP, HTTPS (443) accounted for more than twice the 50%. 3.Bug fixing ability is much faster than in the developed world to developing countries. As the developed world has more IP resource, so there are more developed countries in 2014 "affected the national Top 25 list". Developing countries such as China, India, and Russia, after a year of rehabilitation, got more position in the Top25 list in the year 2015 4.Larger website such as FaceBook,Yahoo, Jingdong, Taobao, Alipay pays more attention to security and as result, vulnerabilities was not found in sampling. 5.Continued response capacities in China still needs to improve, although from the first 18% the repair rate, rose to 59.9%, but in contrast to Korea (69.5%), Russia (78%), Hong Kong (81.8%), Taiwan (95.6%), and Japan (99%), the cyber security defense capabilities remained a matter of concern. Tips: Hey guy, how doed it feel to see the naked “ sheep wall”, if the evil U want more? Click Here to have a try!
© Copyright 2024