Not sure if a site is safe from 'Heartbleed'? Use this tool to check



By Salvador Rodriguez
Los Angeles Times

A bug named "Heartbleed" was recently discovered and likely affects most websites on the Internet. Fortunately, an online tool makes it easy for users to quickly check whether a website is secure or not.

Heartbleed is a bug that affects OpenSSL, a technology that is used by many Internet services to keep user data secure. Hackers can take advantage of the bug to steal a key code that can then be used to steal information, including user passwords.

A fix has been created for the bug, but many websites across the Internet have still not implemented it to their services.

Experts recommend users change the passwords for all their online accounts to protect themselves from the ramifications of the Heartbleed bug. But before changing their passwords for specific websites, users should first check that those sites have fixed the Heartbleed problem.

Users can easily check if a site is secure by going to this website: http://filippo.io/Heartbleed/

There, type in the URL for any website that requires information from users, such as email providers, banks, social networks, shopping sites and more. The tool will quickly check the site and notify the user if it is safe or not.

I did a quick check on numerous popular sites, and many have already been secured, according to the tool. These sites include Facebook, Twitter, Gmail, Amazon and Yahoo.

If the tool says a website is safe, users should feel free to change the password for their account on that service. If the tool says a website is "Vulnerable" then it is not yet safe, and users should not yet change their passwords for that site -- instead, users should wait until the site once has been secured.

The website was created by Filippo Valsorda, an Italian cyber security expert. The tool tests websites by trying to exploit them using the Heartbleed bug, Valsorda told The Times.

Valsorda said that he built the tool in a few hours but that he has kept working on it to improve how it works. He said the website is currently being checked about 7,000 times per minute.

Besides checking to make sure websites are secure, Valsorda recommends that users also keep an eye out for statements from their most frequented websites in case they were hacked through the Heartbleed bug.