The Heartbleed Bug Is Mostly Fixed, but Not Entirely

If you’ve been worried about the dreaded Heartbleed vulnerability that shook the foundations of the Internet, you can start to breathe a little easier. But not completely.

The folks at the Internet security firm Sucuri have done a systematic scan of the top million sites on the Internet as determined by Amazon’s Alexa, and according to its findings, as related in a blog post by its CTO Daniel Cid, there’s mostly good news, but some bad.

The good news is that according to its findings, the top 1,000 sites on the Web are safe. They’ve been updated, their certificates and keys recreated, and they’re now safe to use, though you should probably still change your passwords just to be cautious. Perhaps even more reassuring is that within the top 10,000 sites, only 53 were found to still be vulnerable.

The bad news, and it’s relative, is that many -- about two percent -- of the of top million sites are still vulnerable. That works out to more than 20,000 sites. The more popular a site, the more likely it is to have been fixed.