Affected by this HEARTBLEED bug? Test now!
Github has a list of websites, and there’s way to test out whether the bug affects a certain website, including well-known ones.
A confounding computer bug called “Heartbleed” is causing major security headaches across the Internet as websites scramble to fix the problem and Web surfers wonder whether they should change their passwords to prevent theft of their email accounts, credit card numbers and other sensitive information.
The breakdown revealed that it affected a widely used encryption technology that is supposed to protect online accounts for a variety of online communications and electronic commerce.
Security researchers who uncovered the threat are particularly worried about the lapse because it went undetected for more than two years. They fear the possibility that computer hackers may have been secretly exploiting the problem before its discovery.
“I don’t think anyone that had been using this technology is in a position to definitively say they weren’t compromised,” Chartier said.
“I would change every password everywhere because it’s possible something was sniffed out,” said Wolfgang Kandek, chief technology officer for Qualys, a maker of security-analysis software.
Facebook, which has more than 1.2 billion accountholders, also believes its online social network has purged the Heartbleed threat. But the company encouraged “people to take this opportunity to follow good practices and set up a unique password for your Facebook account that you don’t use on other sites.”
Online short messaging service Twitter Inc. and e-commerce giant Amazon.com Inc. say their websites weren’t exposed to Heartbleed. Ebay Inc., which runs the PayPal payment service as well as online shopping bazaars, says most of its services avoided the bug.
Changing passwords on other online services potentially affected by Heartbleed won’t do much good, security experts said, until the problem is patched. The trouble-shooting software was released already.
The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.
About two-thirds of Web servers rely on OpenSSL, Chartier said. That means the information passing through hundreds of thousands of websites could be vulnerable, despite the protection offered by encryptions. Beside emails and chats, OpenSSL is also used to secure virtual private networks, which are used by employees to connect with corporate networks seeking to shield confidential information from prying eyes.
Heartbleed exposed a weakness in encryption at the same time that major Internet services such as Yahoo, Google, Microsoft and Facebook are expanding their usage of that technology to reassure the users about the sanctity of their personal data.
Use this link to check if your link or url has been affected by Heartbleed Bug.
And if yes, you know what to do right away. Just change all the passwords first - Facebook, Twitter, EBAY, Paypal, Banks, etc..