Guarding Against Heartbleed

Guarding Against Heartbleed

by Fox Van Allen for Techlicious

On the heels of the dramatic Heartbleed vulnerability news – comes browser extensions for Chrome & Firefox that can help guard against this problem.–PC Pitstop.

Though news of the Heartbleed SSL bug broke early last week, the danger to your personal data is far from over. Countless websites are still vulnerable to Heartbleed data leaks, and will be for some time. The only way to surf safe is to change all your passwords, and only after you test each site you visit.

The good news: Checking sites for Heartbleed just got a whole lot easier thanks to a pair of new browser plug-ins that automate your safety research for you. Techlicious recommends you immediately download the incredibly useful Chromebleed extension for Google Chrome or the Heartbleed-Ext extension for Mozilla Firefox. Neither Apple’s Safari browser nor Microsoft’s Internet Explorer have plug-ins available at this time. So this would be a good time to check out a new browser, if you don’t have Chrome or Firefox already installed.

Article Continued Here

This excerpt appears with the permission of Techlicious.

99 total views, 2 views today

(Visited 24 times, 1 visits today)

6 thoughts on “Guarding Against Heartbleed

  1. @David Wendorf:

    I completely second that – people will only be MORE vulnerable if they don’t think twice and follow the ill advise you can see popping up here and there.

    One thing though… how do I know used to be running v1.0.1 or 1.0.2 beta)?

    Should I simply “rely” on the transparency of numerouw websites, which is not in my nature to simply trust them enough…. or… is there any site availble that lists all of these sites?

    Any help welcome, thanks !

  2. I don't know how well these extensions work but:
    DO NOT CHANGE YOUR PASSWORDS UNLESS YOU CAN VERIFY THESE 3 THINGS:
    1) The website was running the affected version of OpenSSL (v1.0.1 and v1.0.2 beta)
    2) The website has applied the necessary patch for the affected versions of OpenSSL
    3) The website has updated their certificates
    If your website is still running OpenSSL v1.0.0 it is not vulnerable to Heartbleed. Heartbleed allows the affected OpenSSL memory to be read on the website's server. If it wasn't patched and certificates updated, the site is still vulnerable and you're putting a new password into the memory (which remains active until rebooted) for the hackers to access. Servers can go for months without rebooting. Wait until all 3 of these things are verified, or you're wasting your time and putting your new password into memory to be hacked.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.