Wednesday, April 9, 2014

OpenSSL Heartbleed bug - Are you ok? Here is where you can start...

Your passwords and security on web sites that were vulnerable due to OpenSSL Heartbleed bug??... Don't assume anything.

(1) Check if your password manager site/tool has been affected.

(2) Check if any site where you have accounts has been affected by this bug.

(3) Change the passwords on these sites ONLY if they are NOT vulnerable any more.

Here is how you can do all this checking. 

To check in realtime if the site is currently vulnerable, just go to https://SSLlabs.com and enter the URL of the site that you are concerned about.

To check the top 1000 list produced in the morning of April 8th, go to the following site:
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt

Some of the websites are good about informing their customers what is going on through their blogs. If you are concerned, you can always find the blog for that company and see what they are saying. For example, I was concerned about LastPass.com and I found good information about it on their blog at: http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html?m=1

Good Luck and be don't assume that your personal info and passwords were not compromised.


       

No comments:

Post a Comment