Heartbleed bug: Checking websites and changing passwords
In the wake of the discovery of the Heartbleed bug in OpenSSL, some security experts even went as far as advising users to avoid the Internet for a few days until the problem is sorted.
I doubt many have listened to that advice, so here is what you can do instead: check whether the websites you visit regularly are vulnerable.
If the website you want to check is not on one of them, you can do it by entering the website’s URL in one of the following tools: LastPass Heartbleed checker, Qualys’ SSL Labs Server Test, or Filippo Valsorda’s Heartbleed test.
Firefox and Chrome users can simplify the process by downloading and installing an add-on that detect websites that are vulnerable: Heartbleed-Ext (Firefox), or Chromebleed. Both add-ons come with the warning that “in some jurisdictions, site testing can only be carried out with the express permission of the site owner,” so users are advised to check what the law says in their local area before proceeding to download the extensions.
It’s good to note that as demand for similar extensions and testing services rises in the coming days, users should be careful not to automatically trust all offerings, as cyber criminals might offer malware masquerading as add-ons.
It’s also good to note that all these tools might not be 100 percent effective – false positives will surely arise – so it might be a good idea to avoid doing online banking and buying things online until you are absolutely sure that the service has fixed the vulnerability and changed their SSL certificates (they have notified you directly, or they have issued a public statement about it).
If they haven’t, you might want to consider asking them to do it as soon as possible.
Once you are sure that a website or service is safe, make sure to change your password if you have an account.