Just two days back we informed you about the dangerous Heartbleed bug that poses a major threat to all the websites on the Internet, especially those who deal with the commercial transactions. Using this bug the hackers can sneak into the websites and gain sensitive information of its users such as credit card details, personal information and much more.
Though major websites and services like Google, Yahoo, Bing, Microsoft Azure, Office 365, Yammer, Skype have taken steps to ensure that they are protected against this dangerous bug, the threat still looms big as there are many websites that have not taken any protective measures and are likely to be targeted.
While web hosts and websites fix this problem, the process may actually take some time to complete. Changing passwords to keep yourself away from vulnerability is actually a good ploy, however the truth is that it may actually be not enough because if a site has the bug then it has already leaked into the software used by that site. Hence, your new password is exposed to the hacker as earlier your old password was.
Hence, changing the password would be effective only when the website you are using has fixed the site.
In such a scenario, the easiest way is to use Browser extensions to protect yourself from Heartbleed affected websites.
Chromebleed for Chrome Browser
If you are using Chrome browser then one of the easiest way to protect yourself from Heartbleed Bug is to install Chromebleed add-on. Once installed, this add-on display a warning if the site you are browsing is affected by the Heartbleed bug.
Chromebleed uses a web service developed by Filippo Valsorda and checks the URL of the page you have just loaded. If it is affected by Heartbleed, then a Chrome notification will be displayed. Click here for installing Chromebleed.
FoxBleed add-on for Firefox
Firefox users can use FoxBleed add-on that works similar to the Chromebleed. It achieves this by automatically checking the websites you are visiting whether they are affected by the HeartBleed Vulnerability and notifies you in case they are.
The checking process is given below
- When visiting a vulnerable website for the first time of the current browser session, a new tab with the corresponding “http://filippo.io/Heartbleed/#”-site is opened
- Indicates exposure to the vulnerability with a filled HeartBleed icon in the bottom right corner
- Checks each domain name only once per browser session
Heartbleed-Ext add-on for Firefox
Heartbleed-Ext uses a web service developed by Filippo Valsorda and checks the URL of the page you have just loaded. If it is affected, a Firefox notification will be displayed. It’s as simple as that GREEN = GOOD and RED = BAD.
Heartbleed Notifier and Heartbleed Monitor are some other add-ons available for Firefox.
These browser extensions may give out false positives. Before you do any commercial transactions on the web, please ensure that the website is safe. Checking the health of the website before you visit, can be a good idea. Just do a Heartbleed test as below.
To carry out the test visit this website created by Filippo Valsorda. Just enter the URL of the website you want to visit and see the results.
Thanks for the heads up, Dan. Your tips give us many ideas for such posts.
UPDATE: You might want to also check out Netcraft Extension as it offers Heartbleed and phishing protection for Opera, Firefox and Chrome browsers.