Conference: International symposium on engineering secure software and systems

POODLEs, More POODLEs, FREAK Attacks Too: How Server Administrators Responded to Three Serious Web Vulnerabilities


Abstract

We present an empirical study on the patching characteristics of the top 100,000 web sites in response to three recent vulnerabilities: the POODLE vulnerability, the POODLE TLS vulnerability, and the FREAK vulnerability. The goal was to identify how the web responds to newly discovered vulnerabilities and the remotely observable characteristics of websites that contribute to the response pattern over time. Using open source tools, we found that there is a slow patch adoption rate in general; for example, about one in four servers hosting Alexa top 100,000 sites we sampled remained vulnerable to the POODLE attack even after five months. It was assuring that servers handling sensitive data were more aggressive in patching the vulnerabilities. However, servers that had more open ports were more likely to be vulnerable. The results are valuable for practitioners to understand the state of security engineering practices and what can be done to improve.
