In the wake of the Heartbleed Bug revelation last week, there has been a blizzard of advice - myth busting articles, companies saying “Not Us!” regarding being susceptible to compromise and even a denial by the N.S.A. that it was not aware of the bug and therefore contrary to reports in Bloomberg (News - Alert) was not exploiting it.
Watching the advice being issued has been fascinating. I for one changed all of my passwords to the popular sites I visit which were identified as open for hacking. However, many in the security business have said, “not so fast” on password changing since you really need to know if the sites visited have protection before you change your password. Obviously if they are not protected in this case your new password is still obtainable by the bad guys.
Well here is a bit of news to mend that potential bleeding heart. Security major player McAfee (News - Alert) has released a free tool to help consumers easily gauge their susceptibility to the potentially dangerous effects of the vulnerability exposed in OpenSSL known as the Heartbleed Bug. By entering website domain names into the Heartbleed Checker tool, consumers can immediately determine if the websites they frequent have been affected by Heartbleed by checking whether or not the sites have been upgraded to the version of OpenSSL that is unsusceptible to the bug.
“It’s important that users first check to make sure the websites they frequent are updated before changing their passwords,” said Gary Davis, vice president of consumer marketing at McAfee, part of Intel (News - Alert) Security. “In the wake of confusing information floating around, our tool makes it easy for consumers to quickly access the information they need. Armed with this information, consumers can decide when it is time to change their passwords and regain confidence in a safe web surfing experience.”
I have downloaded the Heartbleed Checker tool, and so far so good. You may wish to consider doing this as well, and sooner rather than later. The Hearttbleed Bug is estimated to affect up to two-thirds of all websites. As has been noted by everyone, this is really serious stuff with sites that have not gotten the proper protection for shoring up the OpenSSL encryption software open to having a raft of personal information including usernames, passwords, credit and debit card numbers, and potentially being made available to the bad guys.
So here is the best advice of the day according to McAfee, they suggest using the tool to determine which sites you use are affected and then change those account passwords when you are assured the affected sites are patched.
Once again here is the url for the tool, http://blogs.mcafee.com/consumer/what-is-heartbleed. And, remember an ounce of protection really is worth a pound of cure, and that piece of mind is priceless.