Developers at Internet services company Netcraft have released a browser extension that makes it easy for Web surfers to know if the site they’re visiting is vulnerable to the catastrophic Heartbleed vulnerability.
The extension works on the Chrome, Firefox, and Opera browsers. It’s available here, and you can read Netcraft’s description of it here. Once installed, it provides a bleeding heart icon and warning sign when users visit a site that remains susceptible to one or more of the risks posed by Heartbleed, the extremely critical bug that allows attackers to pluck sensitive data from the memory of vulnerable servers. Exposed data most often seems to include usernames and passwords, but it can also include taxpayer identification numbers and even the private encryption keys that are a website’s crown jewels.
The Netcraft extension will alert users if an OpenSSL-powered site has yet to install an update that’s immune to Heartbleed exploits. It also lets people know if sites that have updated OpenSSL are still using an HTTPS encryption certificate that has yet to be changed since OpenSSL was updated. That latter alert is crucial, since possession of a private encryption key makes it possible for attackers to impersonate HTTPS-protected sites with malicious sites that are almost impossible for most end users to detect. Out of an abundance of caution, all sites that were vulnerable to Heartbleed should assume their keys are now in the hands of malicious attackers.
Read 3 remaining paragraphs | Comments