Heartbleed and Steve’s Thoughts

As the media ramps up the hype on the new Heartbleed vulnerability, Steve Gibson did a great Security Now Podcast #450, explaining the real issues. Here’s my take on what he said.

  • There is no indication that the bad guys have used this vulnerability in the past two years.
  • According to Netcraft, “the heartbeat extension was enabled on 17.5% of SSL sites.”
  • Steve, “It is only for us, connections that we make from this point until the website has secured itself, that are at risk.”
  • You can use LastPass or SSL Labs to check if a particular website is still at risk. If it is still at risk – don’t use it.
  • Here’s the LastPass Test – https://lastpass.com/heartbleed/
  • Me – If you are a LastPass user, LastPass has a Security check which will notify you of problem sites and where you need to change passwords.
  • Change Chrome Settings to “Check for server revocation.” Notice that it is off by default.


About Tom Terrific

Interested in MANY things.