Check if your websites are vulnerable to Heartbleed Bug


heartbleed bugHeartbleed Bug is the serious flaw in the popular OpenSSL cryptographic software library. This encyption flaw allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

 

“It’s a big deal for Internet users, especially when it comes to protecting financial information,” Joe Siegrist, CEO and cofounder of LastPass, told Mashable. “Some financial organizations are using more conservative web security choices like Microsoft, which is not vulnerable to the bug, so users should check and see if their bank has been affected.”

 

The Heartbleed bug “allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software, This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.” according to Codenomicon’s Heartbleed.com site, which added, “This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

It is recommended to change passwords for all the accounts on website being affected by Heartbleed Bug but before changing the passwords for affected websites, users should first check that those sites have fixed the Heartbleed problem.

 

To check if your website is not affected by Heartbleed Bug follow the simple steps:

1. Go to the Heartbleed checker by the password security firm LastPass

2. Enter the URL of any website to check its vulnerability to the bug

3. If the affected websites have issued the patch then change your passwords for major accounts

4. if the website hasn’t patched the flaw yet, do not change your password now

 

Keep an eye on your account for next few days to check for any suspicious activity.

 

Other Tools to check if your site is secure is secure are:

https://filippo.io/Heartbleed/
https://www.ssllabs.com/ssltest/