How To Test HTTPS Websites For Heartbleed Bug

How To Test HTTPS Websites For Heartbleed Bug

Earlier this week, news broke of a serious bug in OpenSSL that affects approximately 66% of the Internet. The bug, known as Heartbleed, has been making front page news the past couple days. I won’t go into a detailed description, but essentially a hacker can steal¬† an SSL/TLS-enabled website’s private encryption key and gain access to your information (e.g. usernames, passwords, credit card numbers). OpenSSL versions 1.0.1-1.0.1f are susceptible to this attack. Sites running any other version are not vulnerable to Heartbleed. Needless to say, this exploit has kept IT departments all over the world very busy this past week. Most of the major Internet players (e.g. PayPal, eBay, Amazon, Google)¬† have already been patched. However, you can never be too sure. If you want to know if the sites you’re visiting are vulnerable, use the URL below. It initiates a Heartbleed test against any HTTPS website before you login. If all is well, you can continue to the use the site. If it fails, stop using the site until it is fixed.

http://filippo.io/Heartbleed/

About the Author

avatar KALE: A geek who works in the IT field and lives in Dallas, TX. He is also a music geek who has played in several local bands. Previous to his IT career, Kale worked as a photojournalist. He brings technical advice and artistic counterpoint to the podcast.