Heartbleed and Steve’s Thoughts

As the media ramps up the hype on the new Heartbleed vulnerability, Steve Gibson did a great Security Now Podcast #450, explaining the real issues. Here’s my take on what he said.

  • There is no indication that the bad guys have used this vulnerability in the past two years.
  • According to Netcraft, “the heartbeat extension was enabled on 17.5% of SSL sites.”
  • Steve, “It is only for us, connections that we make from this point until the website has secured itself, that are at risk.”
  • You can use LastPass or SSL Labs to check if a particular website is still at risk. If it is still at risk – don’t use it.
  • Here’s the LastPass Test – https://lastpass.com/heartbleed/
  • Me – If you are a LastPass user, LastPass has a Security check which will notify you of problem sites and where you need to change passwords.
  • Change Chrome Settings to “Check for server revocation.” Notice that it is off by default.



About Tom Terrific

Interested in MANY things.