Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
View
Go to last post Go to first unread
Offline paul  
#1 Posted : Friday, April 11, 2014 9:08:09 AM(UTC)
News


Rank: Member

Reputation:

Groups: Registered
Joined: 9/23/2007(UTC)
Posts: 25,073

Was thanked: 3 time(s) in 3 post(s)
The discovery of a security vulnerability in OpenSSH, which is a set of programs that provide encrypted communication sessions using the SSH protocol for an estimated two-thirds of the web, challenged the notion that anyone can ever be truly safe on the Internet, regardless of how careful you surf. How so? Researchers discovered a major vulnerability in OpenSSH that could allow hackers to dig up your personal information, including usernames, passwords, credit card data, and much more. It's called Heartbleed, and it has the Internet community on high alert. There's a patch available, which many website admins have applied, but if you want to err on the side of caution, Chromebeed is here to help.

Chromebleed is an extension for Google's Chrome browser. It uses a web service developed by Filippo Valsorda to check the URL of a page you just loaded. If the page is affected by Heartbleed, a Chrome notification will appear and you'll know not to enter any personal information.

Heartbleed
Image Source: Flickr (snoopsmaus)

It's a simple solution to a pretty serious problem, though be advised that it can create false positives. If you don't trust the result but want to play it safe, we suggest getting in touch with the website owner or site admin to find out if (A) they're aware of Heartbleed and (B) if they've taken care of the situation by patching OpenSSH.

You can download Chromebleed here. Alternately, you can bookmark Filippo Valsorda's Heartbleed Test page to manually check individual websites for the vulnerability. And for those wondering, you're safe to enter your login credentials at HotHardware.
Offline RJeffries  
#2 Posted : Friday, April 11, 2014 10:15:04 AM(UTC)
RJeffries


Rank: Member

Reputation:

Groups: Registered
Joined: 10/13/2010(UTC)
Posts: 100
Location: NYC

Thank you for this info!

Offline Jaybk26  
#3 Posted : Friday, April 11, 2014 11:40:47 AM(UTC)
Jaybk26


Rank: Member

Reputation:

Groups: Registered
Joined: 8/3/2012(UTC)
Posts: 257

Maybe I'm not well informed, but this makes me curious. How can it tell if it's affected by heartbleed by its URL?

Offline Super Dave  
#4 Posted : Friday, April 11, 2014 11:41:38 AM(UTC)
Super Dave


Rank: Advanced Member

Reputation:

Groups: Administrators, Registered
Joined: 11/16/2005(UTC)
Posts: 3,316
Location: Metropolis

Thanks for the article, Paul. I was a bit leery of installing it but finally did. The results don't show up instantly and sometimes seemed to take a long time to register. Not sure how accurate this thing is but I used it to check my usual favorite websites (they all passed). Probably will use it for a few days and then disable it. 

Offline DustinMaxfield  
#5 Posted : Friday, April 11, 2014 11:49:22 AM(UTC)
DustinMaxfield


Rank: Member

Reputation:

Groups: Registered
Joined: 7/23/2013(UTC)
Posts: 118
Location: Utah

It works by attempting to gain access to the website in question by using the "heartbleed bug". If it gets through it will notify you that the website is not protected against this attack.

So it lets you know, by actually performing the attack. It uses the same process as found here.

http://filippo.io/Heartbleed/

Offline RobertJohnAmanse  
#6 Posted : Saturday, April 12, 2014 11:17:26 AM(UTC)
RobertJohnAmanse


Rank: Member

Reputation:

Groups: Registered
Joined: 4/12/2014(UTC)
Posts: 2

Shouldn't it be OpenSSL and not OpenSSH?

Offline CraigFender  
#7 Posted : Saturday, April 12, 2014 12:43:24 PM(UTC)
CraigFender


Rank: Member

Reputation:

Groups: Registered
Joined: 7/10/2013(UTC)
Posts: 16

Thank the maker! This oil bath is going to feel so good.

Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.