This Netcraft tool flags sites affected by Heartbleed
The new browser plug-in can identify Web sites that may be vulnerable to the OpenSSL bug
IDG News Service - Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.
British Internet security services provider Netcraft has released a browser extension that alerts users when a site they visit hasn't been patched to protect against malicious use of the Heartbleed vulnerability, found in certain versions of the OpenSSL (Secure Socket Layer) encryption library.
The free extension can be installed on the Chrome, Firefox and Opera browsers.
OpenSSL is an open-source implementation of the SSL and TLS (Transport Layer Security) protocols, which are used to encrypt sensitive data, such as passwords, so they can be transmitted securely across a public network.
Only certain versions of OpenSSL are affected by Heartbleed. These affected versions were mostly deployed in conjunction with the open source Apache and Nginx servers -- which run about 66 percent of all servers on the Internet.
A fix is available but there is no way for consumers to tell if the sites they visit have applied the patch.
Even when a site has fixed the vulnerability, attackers might have already used Heartbleed to purloin the private key of the site, which means they could steal data by way of a man-in-the-middle attack.
Netcraft's extension, an update of a previously released security tool, checks to see if the site could be vulnerable to the Heartbleed bug, using data from a prior Internet-wide automated survey the company conducted.
If so, the software then checks the private key certificate of the site a user is visiting to see if it has been updated since the Heartbleed disclosure. If not, the site is flagged as unsafe.
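The two-step check described above, sketched in Python as an added example (not Netcraft's code). The survey set, host names and certificate dates are constructed, and the disclosure date of 7 April 2014 is an assumption not stated in the article.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption: Heartbleed's public disclosure date (7 April 2014); not given on the page.
DISCLOSURE = datetime(2014, 4, 7, tzinfo=timezone.utc)

# Constructed stand-in for the survey data: hosts seen running an affected OpenSSL.
SURVEY_POSSIBLY_VULNERABLE = {"shop.example", "mail.example"}

# Constructed certificate fields, in the dict shape SSLSocket.getpeercert() returns.
SAMPLE_CERTS = {
    "shop.example": {"notBefore": "Jan 15 00:00:00 2014 GMT"},
    "mail.example": {"notBefore": "Apr 10 12:30:00 2014 GMT"},
    "blog.example": {"notBefore": "Mar 11 00:00:00 2013 GMT"},
}


def issued_at(cert):
    """Return the certificate's notBefore time as an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def classify(host, cert):
    """Apply the two-step check: survey membership, then certificate issue date."""
    if host not in SURVEY_POSSIBLY_VULNERABLE:
        return "not flagged"
    if issued_at(cert) < DISCLOSURE:
        return "unsafe"  # certificate predates the disclosure
    return "certificate reissued"


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live site's validated certificate (needs network; not used below)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for name, cert in SAMPLE_CERTS.items():
        print(f"{name}: {classify(name, cert)}")
```

A post-disclosure issue date does not by itself show that the site generated a new key pair or revoked the old certificate, so "certificate reissued" is a weaker statement than "safe".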