Browser extensions to warn you of Heartbleed affected websites

7 Comments

  1. No BHO for IE. Surprise, surprise.

    Normally, I don’t recommend installing an entire, CPU- and RAM-sucking extension/plug-in dedicated to just one exploit, but this HeartBleed thing, at least for the moment, is a big enough deal that it makes sense to do it at least for a while, I suppose.

    A far better solution would be for generalized anti-malware tools that we already have running in our system trays (such as version 2.x of Malware Bytes Professional, for example, just to name one) to detect it. Doing a quick search on the Malware Bytes website, I see that Heartbleed’s being discussed, and there’s some good info about it…

    SEE | http://bit.ly/1jD2FsT (the Malware Bytes website)
    SEE | http://bit.ly/1jD2Gx0 (the Malware Bytes website)

    …which includes these three sites where one may manually check any website for the presence of HeartBleed on it (in no particular order)…

    * http://heartbleed.criticalwatch.com/
    * https://filippo.io/Heartbleed/ (the Chromebleed extension uses this for lookup)
    * https://lastpass.com/heartbleed/

    …but I’m not seeing, at least as of this writing, where Malware Bytes has added Heartbleed detection to what the website monitoring component of its Malware Bytes Professional version 2.x software does. In my case, it wouldn’t matter, though, because I’ve turned-off Malware Bytes Professional V2.x’s realtime monitoring because it’s a processor cycle hog, according to my copy of SysInternals Process Explorer. I vigorously complained to Malware Bytes; we’ll see if the company actually does anything about it. But now I digress. Sorry.

    The servers of McAfee SiteAdvisor (for which there’s also a browser both BHO for IE, as well as extension/plug-in for both Chrome and Firefox; though it’s tricky installing it for Chrome since it’s no longer in the Chrome Web Store) are already systematically crawling/checking websites, globally, and should be adding HeartBleed detection. If and when it does, then the SiteAdvisor extension in IE, Firefox or Chrome should raise the red flag not only if one tries to visit a site with the HeartBleed problem, but also in Google search results.

    Either the Malware Bytes (or whatever other software sits in the system tray and “watches” which sites are visited in the browser), or the McAfee SiteAdvisor extension, would be better because they would help one avoid adding yet another CPU- and RAM-sucking extension to one’s browser…

    …or so, at least, it is my two cents worth (which my ex-wife will happily attest tends to be about *ALL* it’s worth). [grin]

    That said, the extensions recommended in this article are worthy tools, and will certainly do the trick. How long I will keep “Chromebleed” running in my Chromium-based browser remains to be seen. For now, though, I agree that it’s probably a pretty good idea.

    Thanks, Ankit!

    __________________________________
    Gregg L. DesElms
    Napa, California USA
    gregg at greggdeselms dot com

    Veritas nihil veretur nisi abscondi.
    Veritas nimium altercando amittitur.

  2. Also, Chrome and Firefox has a large ecosystem of plugins and extensions. We came across these BHOs. However , If you know of any for IE or other browsers, please do share.

  3. My sarcasm was aimed at Microsoft, not anyone here. I’m simply calling attention to the fact that all the really cool stuff is for Chrome and/or Firefox; but never IE. Er… well… “never” is too strong a word; but you get my point.

    I’m not anti-Microsoft, but I’ve been around long enough — I met Bill Gates on the floor of the West Coast Computer Faire in San Francisco in the ’70s, before he was anyone important — to have seen it do abominable things; and I’ve seen how clueless it and its disciples can be about security and all manner of other things.

    It surprises me, not, that IE has no BHOs that are equivalent to Chromebleed. The problem is that people tend not to make as many cool BHOs for IE as people make extensions, plug-ins and apps for Firefox and Chrome. That’s not anyone’s fault, here; and my sarcasm wasn’t aimed at that you didn’t find anything. I was being sarcastic because there obviously isn’t anything. Surprise, surprise.

    Your work of finding these extensions was fine; excellent, even. Kudos.

    The problem, as always, is Microsoft. And the only time I get frustrated with you guys is when you get too blindly loyal to Microsoft around here. It’s not the Microsoft doesn’t make terrific products: it does, indeed. I use nearly all of them. I’m not some knuckleheaded Linux lover who eschews the .NET framework (but thinks nothing of running the Java runtime, which is basically the same thing). It’s just that if you had seen what I have seen, you’d be more cynical.

    But that takes us down a whole different, and unnecessary road.

    You did fine. Good article. The problem — and my sarcasm was aimed at — Microsoft.

    __________________________________
    Gregg L. DesElms
    Napa, California USA
    gregg at greggdeselms dot com

    Veritas nihil veretur nisi abscondi.
    Veritas nimium altercando amittitur.

  4. FoxBleed is compatible with Firefox 21 and up, no restart needed, but “preliminarily” reviewed by Mozilla, while Heartbleed-Ext is not available with Firefox 24 and below as well as Pale Moon, and needs restart after installation.

    Netcraft has released a Heartbleed indicator for Chrome, Opera, and Firefox but in the form of a update to its toolbar.

Leave a Reply

Your email address will not be published. Required fields are marked *


1 + 2 =