If you've heard of the “Heartbleed” vulnerability and are interested in testing your servers, here are a few websites that may come in handy:
- Heartbleed test - Simple and works.
- LastPass Heartbleed checker - Also simple, but I found that it was giving me some false positives.
- Qualys SSL Labs SSL Server Test - This is serious shit: deep analysis of much more than just the Heartbleed vulnerability. Good stuff!
- OpenSSL TLS Heartbeat Extension - Memory Disclosure - The actual exploit, which you can use yourself to test if your servers are vulnerable.
In case you want to read more about it, here’s a more technical explanation of the problem.
What can you do?
Using one of the tools above, check if any of the websites you use regularly are affected. By the time you read this, most, if not all, major websites on the internet should have applied the necessary corrections to make their servers safe, but better safe than sorry. There’s also a huge list of sites, detailing which are and which are not vulnerable. If you’re smart enough to use LastPass, it now checks if your sites are vulnerable, so make use of the tool.
Next, change the passwords for your important accounts (email, banking, social networks, etc.) on sites that were affected by the vulnerability but have since patched it. If a site hasn’t patched the problem yet, there’s no point in changing your password yet, because the new password could be exposed the same way. Instead, ask them when they expect to fix it and urge them to do it as soon as possible.