As you may be aware after the heartbleed bug there was many sites left unprotected even through many have been fixed there are still a huge amount of sites out there which have not yet been fixed. Is yours one of them?
I use a designed site to analyze the site and tell me if it’s good to use.
Even if you think a site is safe it’s better to spend 30 seconds checking the site is safe before you use it.
What is The Problem with Heartbleed?
The problem affects a piece of software called OpenSSL, used for security on popular web servers. With OpenSSL, websites can provide encrypted information to visitors, so the data transferred (including usernames, passwords and cookies) cannot be seen by others while it goes from your computer to the website.
OpenSSL is an open-source project, meaning it was developed by really talented volunteers, free of charge, to help the internet community. It happens that version 1.0.1 of OpenSSL, released on April 19th, 2012, has a little bug (a mistake introduced by a programmer) that allows for a person (including a malicious hacker) to retrieve information on the memory of the web server without leaving a trace. This honest mistake was introduced with a new feature implemented by Dr. Robin Seggelmann, a German programmer who often contributes security code.
Heartbleed exploits a built-in feature of OpenSSL called heartbeat.
Heartbleed exploits a built-in feature of OpenSSL called heartbeat. When your computer accesses a website, the website will respond back to let your computer know that it is active and listening for your requests: This is the heartbeat. This call and response is done by exchanging data. Normally when your computer makes a request, the heartbeat will only send back the amount of data your computer sent. However, this is not the case for servers currently affected by the bug. The hacker is able to make a request to the server and request data from the server’s memory beyond the total data of the initial request, up to 65,536 bytes.
The data that lives beyond this request “may contain data left behind from other parts of OpenSSL,” according to CloudFlare. What’s stored in that extra memory space is completely dependent on the platform. As more computers access the server, the memory at the top is recycled. This means that previous requests may still reside in the memory block the hacker requests back from the server. Just what might be in those bits of data? Login credentials, cookies and other data that may be exploitable by hackers.
So keep yourself safe and check the site before you use it.