Netcraft will help you stay safe from Heartbleed while browsing

Apr 17, 2014 14:40 GMT

Last week, Heartbleed was revealed to the world and the entire Internet was set on fire. Millions upon millions of sites were affected and they’ve all been scrambling to patch up Heartbleed ever since.

While most of them have already managed to fix things, there are still sites out there that are not safe to use or that could be exploited by hackers.

There are ways, however, to find out if you’re on such a dangerous website or if everything is fine. Last week, Chromebleed was released – a Chrome extension that displays a pop-up each time you visit a website that could still be affected by the most dangerous vulnerability in a long time.

Now, there’s another way to make sure you’re navigating safe seas – Netcraft.

The toolbar can be installed on a number of browsers – Chrome, Firefox and Opera. Normally, it gives information about websites to show you their attributes during your visits. The list includes the site’s hosting location, country, longevity and even popularity.

Now, the extension uses data from the Netcraft SSL Survey to determine whether a site offered the heartbeat TLS Extension prior to the Heartbleed disclosure.

If the answer is positive, the extension will also check whether the site’s SSL certificate has been replaced. If the certificate hasn’t been reissued, then the site is deemed unsafe, since its private keys could have been compromised.

The tool is not infallible since a replaced certificate does not guarantee that the site cannot still be affected, but it’s an added layer of protection that you didn’t have before.
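The check described above, written out as an added example (it is not Netcraft's code, and the record fields, hostnames and fingerprint values are constructed for illustration). It goes one step beyond the article by also flagging a certificate that was reissued around the same key pair, which is one reason a replaced certificate is not a guarantee.

```javascript
// Added illustration: field names and sample records are hypothetical,
// not the Netcraft SSL Survey's actual data format.
function classifySite(rec) {
  // Step 1: did the server offer the TLS heartbeat extension before disclosure?
  if (!rec.heartbeatBeforeDisclosure) {
    return { flagged: false, reason: "heartbeat not offered before disclosure" };
  }
  const before = rec.certBeforeDisclosure;
  const now = rec.certNow;
  // Step 2: same certificate fingerprint means nothing was reissued.
  if (now.certSha256 === before.certSha256) {
    return { flagged: true, reason: "certificate not replaced" };
  }
  // Beyond the article: a new certificate over the old public key still
  // depends on the private key that may have leaked.
  if (now.spkiSha256 === before.spkiSha256) {
    return { flagged: true, reason: "certificate reissued with the same key" };
  }
  return { flagged: false, reason: "certificate and key replaced" };
}

// Constructed sample records (placeholder fingerprints, reserved hostnames).
const SAMPLE = [
  { host: "shop.example", heartbeatBeforeDisclosure: true,
    certBeforeDisclosure: { certSha256: "cert-A", spkiSha256: "key-A" },
    certNow: { certSha256: "cert-A", spkiSha256: "key-A" } },
  { host: "mail.example", heartbeatBeforeDisclosure: true,
    certBeforeDisclosure: { certSha256: "cert-B", spkiSha256: "key-B" },
    certNow: { certSha256: "cert-B2", spkiSha256: "key-B" } },
  { host: "bank.example", heartbeatBeforeDisclosure: true,
    certBeforeDisclosure: { certSha256: "cert-C", spkiSha256: "key-C" },
    certNow: { certSha256: "cert-C2", spkiSha256: "key-C2" } },
  { host: "static.example", heartbeatBeforeDisclosure: false,
    certBeforeDisclosure: { certSha256: "cert-D", spkiSha256: "key-D" },
    certNow: { certSha256: "cert-D", spkiSha256: "key-D" } },
];

// Returns one line per host, e.g. for a toolbar tooltip or a log.
function report(records) {
  return records.map((r) => {
    const v = classifySite(r);
    return `${r.host}: ${v.flagged ? "POTENTIALLY UNSAFE" : "ok"} (${v.reason})`;
  });
}

console.log(report(SAMPLE).join("\n"));
```
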

From now on, the extension will indicate when a site is potentially unsafe by displaying the by-now popular bleeding heart icon. In Chrome and Opera, a warning triangle will be displayed on top of the Netcraft icon, so you can be sure you won’t miss it.

Heartbleed was exposed last week as a bug affecting OpenSSL. Unfortunately, the vulnerability has been around for the better part of the past two years, passing from one version of OpenSSL to the next.

Attacks exploiting this bug do not leave any traces on the affected servers, which means that it’s impossible to know whether there have been any attacks and what data has been stolen. This is why users have been advised to change their passwords on most sites, including Google, Yahoo, and Facebook.

You can download Netcraft from Softpedia