Last week on TechBeat we reported on the lethal Heartbleed bug, which has allowed hackers to steal user names, passwords, emails, credit card information and more, all without detection for the past two years. Hopefully by now you have followed the advice to change all of your passwords as a protection for your data but going forward how can you be sure that your device is secure or that any website you visit is not vulnerable to the Heartbleed bug? Well there have been a number of security tools released that will allow you to scan any website and check if you are at risk.
The first tool is an app that has been released by Lookout. It has been designed to determine what version of OpenSSL your Android device is using and see if the vulnerable feature named Heartbeats is enabled. It will keep you informed of the status of your device but unfortunately will not fix a vulnerability. Please note that this tool doesn’t check if websites are vulnerable; only your Android device.
Lookout’s detector app can be downloaded from the Google Play Store for free. Alternatively, Bluebox Heartbleed Scanner is another Android app that will perform the same task and is also available to download from the Play Store.
The web secuirty firm, Quays, has developed a tool that lets you actually scan a website to check for vulnerability. It’s quick and easy. Just go to the Quays SSL Labs page and enter the name of the website that you want to check. Click “Submit”. When the scan has been completed, you will be given a notification informing you whether the site has been effected by Heartbleed.
Another tool available comes from LastPass, an online password security company. It too has developed a Heartbleed detector, much like the one from Quays. If you are really concerned about a website, then there would be no harm in running a check with both of these firms’ scanners.
Other web-based scanners that you can try are Chromebleed; a Google Chrome browser extension, which tells you if a website has been affected by Heartbleed. Alternatively, a software developer named Filippo Valsorda has created his own scanning tool.
Let us know what tools you have used to check for this nasty bug and what you thought of them.