Are sites you use vulnerable to Heartbleed security flaw?

Update: CNET has posted a list of Heartbleed status for top 100 sites

A flaw in the most popular web encryption system could leave people vulnerable to data theft, according to security researchers. That little padlock in the lower right corner of a browser window or the letters “https” in the address bar are supposed to mean that the site is encrypted, but the most popular method, called OpenSSL, has had a hole for at least two years.

The Heartbleed bug “allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software,” according to Codenomicon’s site, which added, “This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

Test sites you visit

These tests aren’t 100% definitive. They are an indicator of whether the site you’re using is currently vulnerable, but they don’t indicate whether it may have been affected in the past. So even if the site you enter comes up clear, there is no guarantee that it wasn’t vulnerable earlier. Still, it’s worth checking the LastPass Heartbleed checker, Filippo Valsorda’s report and the Qualys SSL Labs report. CNET has posted a list of the Heartbleed status for top 100 sites.

Is it time to change passwords?

Some experts are advising people to change their passwords right away, but others suggest that it’s better to wait until you know your site is clear, lest you simply give hackers access to the new password.

Tips for changing passwords

When you do change your passwords, here are some tips: How to create secure and unique passwords.
