Chromebleed
The Heartbleed Bug is a serious vulnerability found in the OpenSSL cryptographic software library. OpenSSL is an open-source security protocol used widely across the Internet (utilized in about two-thirds of Web servers). Information that would normally be protected by the SSL/TLS encryption used to secure the Internet can now be accessed with this weakness. This includes web communication, email, instant messaging (IM), and several virtual private networks (VPNs).
The vulnerability compromises secret keys used to identify the service providers and to encrypt traffic, user names and passwords, and raw data. In turn, this allows cybercriminals to eavesdrop on web communication and steal data directly from the services which users believe are secure. Furthermore, cybercriminals can use this vulnerability to impersonate web services and/or users.
The other issue with this vulnerability is that it went largely undetected for two years. For those cybercriminals who became aware of this issue, they have had plenty of time to harvest critical sensitive information from “protected” web communication channels.
If you’re looking for a way to identify if a particular website is vulnerable to the Heartbleed bug, I recommend using Google Chrome’s extension called Chromebleed.
When installed, Chromebleed notifies you if a website is currently vulnerable to the Heartbleed bug. Evidently, Chromebleed is only compatible with Google’s Chrome browser and can’t be used with other popular Internet browsers such as Internet Explorer, Firefox, or Opera.
To install Chromebleed, open your Google Chrome Internet browser. Then, perform the following steps:
Access Your Google Chrome Settings
Once you have the Chrome Internet browser launched, click on the bar on the top right hand corner with the three black horizontal bars on it. From there, click on “Settings” from the drop-down item list.
Google Chrome's Extensions
You’re now on Chrome’s Settings Page. On the upper left corner, below “Chrome,” click on “Extensions.”
Click on More Extensions
This will bring you to the Extensions Page. Click on “Get more extensions.”
Google Chrome's Web Store
You’re now on Chrome’s Web Store. The Chrome Web Store is an online marketplace where you can find a range of extensions, themes, and applications for your Google Chrome web browser. On the search box located on the upper left corner, type Chromebleed and press enter. Once you see the Chromebleed extension appear as a selection, click on the blue “+ Free” button to install Chromebleed.
Click Add on Confirmation Window
Click on the “Add” button that is displayed on the confirmation pop-up window.
Chromebleed will run in the background when you use Google Chrome as your Internet browser. You will notice a Chromebleed icon (bleeding heart) directly to the left of the “Settings” button.
Right-click on the Chromebleed icon and click on “Options” for further customization. On the Options pane at the bottom, ensure you have the “Notifications Activated” and “Show All Notifications” boxes checked. With these options enabled, Chromebleed will notify you if the site you’re visiting is protected from the Heartbleed bug.
With Chromebleed running, you will be notified if you’re on a website that isn’t vulnerable to the Heartbleed bug with a green heart icon pop-up on the bottom of the web page.
When visiting a site that is vulnerable to the Heartbleed bug, you will see a red heart icon pop-up on the bottom of the web page.
Considering that OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet, you are likely to be affected either directly or indirectly. For example, the social sites you frequently visit, company site, e-commerce site, site you install software from, and even some government sites you may visit may be vulnerable to the Heartbleed bug.
In addition, you may have client side software installed on your machine that could potentially expose your data residing on your PC if you connect to compromised services. To find out how you can take further action in preventing Heartbleed, click here.
The Heartbleed Bug is a serious vulnerability found in the OpenSSL cryptographic software library. OpenSSL is an open-source security protocol used widely across the Internet (utilized in about two-thirds of Web servers). Information that would normally be protected by the SSL/TLS encryption used to secure the Internet can now be accessed with this weakness. This includes web communication, email, instant messaging (IM), and several virtual private networks (VPNs).
The vulnerability compromises secret keys used to identify the service providers and to encrypt traffic, user names and passwords, and raw data. In turn, this allows cybercriminals to eavesdrop on web communication and steal data directly from the services which users believe are secure. Furthermore, cybercriminals can use this vulnerability to impersonate web services and/or users.
The other issue with this vulnerability is that it went largely undetected for two years. For those cybercriminals who became aware of this issue, they have had plenty of time to harvest critical sensitive information from “protected” web communication channels.
If you’re looking for a way to identify if a particular website is vulnerable to the Heartbleed bug, I recommend using Google Chrome’s extension called Chromebleed.
When installed, Chromebleed notifies you if a website is currently vulnerable to the Heartbleed bug. Evidently, Chromebleed is only compatible with Google’s Chrome browser and can’t be used with other popular Internet browsers such as Internet Explorer, Firefox, or Opera.
To install Chromebleed, open your Google Chrome Internet browser. Then, perform the following steps:
Access Your Google Chrome Settings
Once you have the Chrome Internet browser launched, click on the bar on the top right hand corner with the three black horizontal bars on it. From there, click on “Settings” from the drop-down item list.
Google Chrome's Extensions
You’re now on Chrome’s Settings Page. On the upper left corner, below “Chrome,” click on “Extensions.”
Click on More Extensions
This will bring you to the Extensions Page. Click on “Get more extensions.”
Google Chrome's Web Store
You’re now on Chrome’s Web Store. The Chrome Web Store is an online marketplace where you can find a range of extensions, themes, and applications for your Google Chrome web browser. On the search box located on the upper left corner, type Chromebleed and press enter. Once you see the Chromebleed extension appear as a selection, click on the blue “+ Free” button to install Chromebleed.
Click Add on Confirmation Window
Click on the “Add” button that is displayed on the confirmation pop-up window.
Chromebleed will run in the background when you use Google Chrome as your Internet browser. You will notice a Chromebleed icon (bleeding heart) directly to the left of the “Settings” button.
Right-click on the Chromebleed icon and click on “Options” for further customization. On the Options pane at the bottom, ensure you have the “Notifications Activated” and “Show All Notifications” boxes checked. With these options enabled, Chromebleed will notify you if the site you’re visiting is protected from the Heartbleed bug.
With Chromebleed running, you will be notified if you’re on a website that isn’t vulnerable to the Heartbleed bug with a green heart icon pop-up on the bottom of the web page.
When visiting a site that is vulnerable to the Heartbleed bug, you will see a red heart icon pop-up on the bottom of the web page.
Considering that OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet, you are likely to be affected either directly or indirectly. For example, the social sites you frequently visit, company site, e-commerce site, site you install software from, and even some government sites you may visit may be vulnerable to the Heartbleed bug.
In addition, you may have client side software installed on your machine that could potentially expose your data residing on your PC if you connect to compromised services. To find out how you can take further action in preventing Heartbleed, click here.