Roller Towels vs Paper. Cotton roller towels come out on top of paper towels in…
Heartbleed Bug Undoes Web Encryption Rentex Sites Are Safe
A flaw in software that’s widely used to secure Web communications means that passwords and other highly sensitive data could be exposed. Some say they’ve already found hundreds of Yahoo passwords. Researchers have uncovered an extremely critical vulnerability in recent versions off OpenSSL, a technology that allows millions of Web sites to encrypt communications with online visitors. Complicating matters further is the release of a simple exploit that can be used to steal usernames and your passwords from vulnerable sites, as well as private keys that sites use to encrypt and decrypt sensitive data.Credit: Heartbleed.com
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.”
Heartbleed Bug Checker Encryption Security Advice
An advisory from Carnegie Mellon University’s CERT notes that the vulnerability is present in sites powered by OpenSSL versions 1.0.1 through 1.0.1f. According to Netcraft, a company that monitors the technology used by various Web sites, more than a half million sites are currently vulnerable. As of this morning, that included Yahoo.com and – ironically – the Web site of openssl.org. This list at Git hub appears to be a relatively recent test for the presence of this vulnerability in the top 1,000 sites as indexed by Web-ranking firm Alexa.
An easy-to-use exploit that is being widely traded online allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL “libssl” library in chunks of 64kb at a time. As CERT notes, an attacker can repeatedly leverage the vulnerability to retrieve as many 64k chunks of memory as are necessary to retrieve the intended secrets.
Test your server. Heartbleed Bug Checker Bug Check Now
Heartbleed Bug Checker Sites That May Be Affected
Heartbleed bug checker are you safe, listed below is more information, a quick key: “Not vulnerable” means the site was never exposed to the flaw in the first place. “No SSL” means the site in question doesn’t use the encryption tool that was found to be faulty. “Was vulnerable” means you should go to your site and change your password now.
1. Google.com: Not vulnerable
2. Facebook.com: Not vulnerable
3. YouTube.com: Not vulnerable.
4. Amazon.com: Not vulnerable.
5. Yahoo.com: Was vulnerable. Yahoo Mail was vulnerable to attack but has since announced that it has been patched, along with other main Yahoo sites such as Yahoo Search, Finance, Sports, Flickr and Tumblr.
6. Wikipedia.org: Not vulnerable.
7. LinkedIn.com: No SSL, Heartbleed bug checker
8. eBay.com: No SSL.
9. Twitter.com: Not vulnerable.
10. Craigslist.org: Not vulnerable.
11. Bing.com: No SSL, Heartbleed bug checker
12. Pinterest.com: Not vulnerable.
13. Blogspot.com: Not vulnerable.
14. Go.com: Not vulnerable.
15. CNN.com: No SSL.
16. Live.com: No SSL.
17. PayPal.com: Not vulnerable. Heartbleed bug checker
18. Instagram.com: Not vulnerable.
19. Tumblr.com: Was vulnerable. Tumblr was vulnerable to attack, but Yahoo has since announced that it has been patched.
20. ESPN.go.com: Not vulnerable.
21. WordPress.com: Not vulnerable, Heartbleed bug checker
22. Imgur.com: Not vulnerable.
23. HuffingtonPost.com: No SSL.
24. reddit.com: Not vulnerable.
25. MSN.com: No SSL.
With special thanks to Spacecake for alerting us of this potential security scare.