Thursday, April 10, 2014

How to check if your favorite websites are vulnerable to the Heartbleed bug

Heartbleed-bugBy now, you’ve probably heard of the Heartbleed bug; the flaw in the OpenSSL method of data encryption that lets hackers steal user names, passwords, emails and instant messages, credit card information, and more, while also evading detection. For the most part, aside from changing your passwords and avoiding sites that have allegedly been affected, there’s not much else you can do to combat the bug... 


However, Qualys, a Web security firm, has developed a tool that lets you scan any website to see if it’s vulnerable to the Heartbleed bug. It’s easy to pull off, too: here’s how.


Go to the Qualys SSL Labs page here, type in the name of a website, and click “Submit” to assess its vulnerability to the OpenSSL Web encryption bug. When the scan is complete, you should see a notification telling you whether the site is hit by Heartbleed.

It seems that we are not vulnerable to the bug. 







It’s worth noting that the feature is labeled “Experimental” on the site. In our experience, it took up to a minute to complete a scan, and timing varied from one website to the next, so we urge you to exercise patience when using this tool to scan your favorite page. Digital Trends reached out to Qualys to find out what “Experimental” means precisely, and get their thoughts on the seriousness of Heartbleed. We will update this story when they respond.

Alternatively, LastPass, an online password security firm, also has a Heartbleed scanner of their own that works just like the Qualys scanner does. You can check it out here to scan sites, if you’re interested in a second opinion.

There are also a couple of Android apps available in the Google Play store that claim to scan your phone or tablet and tell you if your device is using a version of OpenSSL that’s vulnerable to the Heartbleed bug. One is called Heartbleed Detector, the other is dubbed Bluebox Heartbleed Scanner. They should be your first two results when you search in the store using the term “Heartbleed.”



Source:http://www.digitaltrends.com/computing/check-favorite-websites-vulnerable-heartbleed-bug/#!DvadE

No comments:

Share |