Enterprise IT security vendor McAfee today announced a free tool to help consumers to determine websites they visit have upgraded to the version of OpenSSL that is unsusceptible to the Heartbleed bug.
For this, online users need to enter website domain names into the Heartbleed Checker tool to immediately determine if the websites they frequent have been affected by Heartbleed by checking whether or not the sites have been upgraded to the version of OpenSSL that is unsusceptible to the bug.
Gary Davis, vice president of consumer marketing at McAfee, part of Intel Security, said: “In the wake of confusing information floating around, our tool makes it easy for consumers to quickly access the information they need. Armed with this information, consumers can decide when it is time to change their passwords and regain confidence in a safe web surfing experience.”
Meanwhile, eScan, a anti-virus and content security solution provider, has launched an online tool to identify the Heartbleed. IT users can use the tool – available at escan website — to check whether the website they are browsing is affected with the Heartbleed bug or not.
Since a majority of websites are vulnerable to the Heartbleed bug, changing a password will not help much; as the website would have to update their OpenSSL software first in order to mitigate the threat.
You can type the website address that you wish to browse into the box displayed in the tool, and it will let you know whether it is safe. While websites such as Facebook, Gmail, Amazon, Yahoo, Twitter and others are not vulnerable, numerous other websites/servers are still vulnerable to this, said eScan.
Govind Rammurthy, MD and CEO, eScan said: “OpenSSL is the most popular open source cryptographic library and TLS (Transport Layer Security) implementation used to encrypt traffic on the Internet. Hackers are using smart social engineering tricks more and more often on popular social sites, company’s site and commercial sites.”
Heartbleed Bug is estimated to affect up to two-thirds of all websites.
A flaw in the SSL code could allow an attacker to gain access to system memory, which potentially could contain sensitive information or communications. To protect themselves, consumers should determine which sites that they use are affected and then change those account passwords when the affected sites are patched.
Ixia announced that its Application and Threat Intelligence (ATI) team has delivered the ability to simulate the exploitation of the critical OpenSSL vulnerability Heartbleed with an update to the ATI program. Customers can ensure key organizational data stays secure with the ability to test and assess the resiliency of their networks under an exploitation of Heartbleed.
Steve McGregory, director of Ixia’s Application and Threat Intelligence team, said: “With Ixia’s ATI team being able to quickly respond to and add new malicious attacks and vulnerabilities to our ATI program, our customers have the actionable insight they need to ensure their data is safe.”
While companies are rushing to patch the vulnerability, this may not always be possible due to software compatibility constraints. In the newest update, Ixia’s ATI team has isolated the key elements of the Heartbleed vulnerability to help our customers ensure the security of their networks.