What is Heartbleed Bug and How to Protect yourself and Stay Safe?

5 Comments

  1. Excellent and accurate article; could only add EFF had an email out today in part saying TOR hidden services sites may have been compromised, which I offer as example of how easily any affected server site can suffer; and Qualys SSL Labs currently has free online SSL Server Test to check any website for Heartbleed vulnerability (of course, The Windows Club passed with their grade A!). Hope this is useful.

  2. Sorry for late comment, but just found two brand-new plugins which developers say can help people know if site they just landed on appears safe from Heartbleed or not: for Chrome browsers, new extension “Chromebleed”; for Firefox, new extension “Heartbleed -Ext 3.0”; both somewhere on browser screen will have icon/indicia which turns colors from green for safe, yellow for probably safe, and red for likely unsafe; both extensions say incorporating heartbleed assessment ideas of Filippo Valsorda (as third party). Hope this helps. In my earlier post I mentioned IIS; to be sure, this applies only to SITES on IIS; and would that more enterprises would follow The Windows Club’s style of DDoS, SEO spam, and other protective safeguards! Cheers!

  3. Any time! There is another doodad in re Heartbleed, which I’d heard Steve Gibson praise on “Security Now!” podcasts…it’s called Calomel SSL Validation extension; but it’s for Firefox only, and where it has a few small tweaks, for a well-read average user it really just lets one know if a site/page supports Perfect Forward Secrecy…however, a few sites which pass “Chromebleed”, “Heartbleed -Ext”, and “Qualys” got “red shields” from Calomel, possibly as Calomel ignores or is disrupted by negotiating some sites’ overlaying web security. It seemed to me “Chromebleed” and “Heartbleed -Ext” gave more reliable reads, and if many are getting as many green icons as I do, use of these plugins could also help calm any hysteria about insecure commercial logins.

    I heard on April 7, 2014, Microsoft announced IE 12 will finally get strict content policy settings; my wishlist includes CSRF protection which would help re Heartbleed and non-IIS sites with lax security. Cheers!
