Some half-fixed websites retain some vulnerability to the Heartbleed bug.
According to researchers at the 2014 Internet Measurement Conference in Vancouver, while sysadmins may have applied the necessary patches, they haven’t gotten around to revoking the PKI certificates their sites had before the bug was discovered.
As explained by assistant research scientist Dave Levin, sites needed to “patch their OpenSSL software, they needed to revoke their current certificates, and they needed to reissue new ones”.
Listen again to IT Security Guru’s webcast on dealing with major threats such as Heartbleed, here https://www.brighttalk.com/webcast/11399/131731