Just two days back we informed you about the dangerous Heartbleed bug that poses a major threat to all the websites on the Internet, especially those who deal with the commercial transactions. Using this bug the hackers can sneak into the websites and gain sensitive information of its users such as credit card details, personal information and much more.
Though major websites and services like Google, Yahoo, Bing, Microsoft Azure, Office 365, Yammer, Skype have taken steps to ensure that they are protected against this dangerous bug, the threat still looms big as there are many websites that have not taken any protective measures and are likely to be targeted.
While web hosts and websites fix this problem, the process may actually take some time to complete. Changing passwords to keep yourself away from vulnerability is actually a good ploy, however the truth is that it may actually be not enough because if a site has the bug then it has already leaked into the software used by that site. Hence, your new password is exposed to the hacker as earlier your old password was.
Hence, changing the password would be effective only when the website you are using has fixed the site.
In such a scenario, the easiest way is to use Browser extensions to protect yourself from Heartbleed affected websites.
Chromebleed for Chrome Browser
If you are using Chrome browser then one of the easiest way to protect yourself from Heartbleed Bug is to install Chromebleed add-on. Once installed, this add-on display a warning if the site you are browsing is affected by the Heartbleed bug.
Chromebleed uses a web service developed by Filippo Valsorda and checks the URL of the page you have just loaded. If it is affected by Heartbleed, then a Chrome notification will be displayed. Click here for installing Chromebleed.
FoxBleed add-on for Firefox
Firefox users can use FoxBleed add-on that works similar to the Chromebleed. It achieves this by automatically checking the websites you are visiting whether they are affected by the HeartBleed Vulnerability and notifies you in case they are.
The checking process is given below
- When visiting a vulnerable website for the first time of the current browser session, a new tab with the corresponding “http://filippo.io/Heartbleed/#”-site is opened
- Indicates exposure to the vulnerability with a filled HeartBleed icon in the bottom right corner
- Checks each domain name only once per browser session
Heartbleed-Ext add-on for Firefox
Heartbleed-Ext uses a web service developed by Filippo Valsorda and checks the URL of the page you have just loaded. If it is affected, a Firefox notification will be displayed. It’s as simple as that GREEN = GOOD and RED = BAD.
Heartbleed Notifier and Heartbleed Monitor are some other add-ons available for Firefox.
Conclusion
These browser extensions may give out false positives. Before you do any commercial transactions on the web, please ensure that the website is safe. Checking the health of the website before you visit, can be a good idea. Just do a Heartbleed test as below.
To carry out the test visit this website created by Filippo Valsorda. Just enter the URL of the website you want to visit and see the results.
Thanks for the heads up, Dan. Your tips give us many ideas for such posts.
UPDATE: You might want to also check out Netcraft Extension as it offers Heartbleed and phishing protection for Opera, Firefox and Chrome browsers.
No BHO for IE. Surprise, surprise.
Normally, I don’t recommend installing an entire, CPU- and RAM-sucking extension/plug-in dedicated to just one exploit, but this HeartBleed thing, at least for the moment, is a big enough deal that it makes sense to do it at least for a while, I suppose.
A far better solution would be for generalized anti-malware tools that we already have running in our system trays (such as version 2.x of Malware Bytes Professional, for example, just to name one) to detect it. Doing a quick search on the Malware Bytes website, I see that Heartbleed’s being discussed, and there’s some good info about it…
SEE | http://bit.ly/1jD2FsT (the Malware Bytes website)
SEE | http://bit.ly/1jD2Gx0 (the Malware Bytes website)
…which includes these three sites where one may manually check any website for the presence of HeartBleed on it (in no particular order)…
* http://heartbleed.criticalwatch.com/
* https://filippo.io/Heartbleed/ (the Chromebleed extension uses this for lookup)
* https://lastpass.com/heartbleed/
…but I’m not seeing, at least as of this writing, where Malware Bytes has added Heartbleed detection to what the website monitoring component of its Malware Bytes Professional version 2.x software does. In my case, it wouldn’t matter, though, because I’ve turned-off Malware Bytes Professional V2.x’s realtime monitoring because it’s a processor cycle hog, according to my copy of SysInternals Process Explorer. I vigorously complained to Malware Bytes; we’ll see if the company actually does anything about it. But now I digress. Sorry.
The servers of McAfee SiteAdvisor (for which there’s also a browser both BHO for IE, as well as extension/plug-in for both Chrome and Firefox; though it’s tricky installing it for Chrome since it’s no longer in the Chrome Web Store) are already systematically crawling/checking websites, globally, and should be adding HeartBleed detection. If and when it does, then the SiteAdvisor extension in IE, Firefox or Chrome should raise the red flag not only if one tries to visit a site with the HeartBleed problem, but also in Google search results.
Either the Malware Bytes (or whatever other software sits in the system tray and “watches” which sites are visited in the browser), or the McAfee SiteAdvisor extension, would be better because they would help one avoid adding yet another CPU- and RAM-sucking extension to one’s browser…
…or so, at least, it is my two cents worth (which my ex-wife will happily attest tends to be about *ALL* it’s worth). [grin]
That said, the extensions recommended in this article are worthy tools, and will certainly do the trick. How long I will keep “Chromebleed” running in my Chromium-based browser remains to be seen. For now, though, I agree that it’s probably a pretty good idea.
Thanks, Ankit!
__________________________________
Gregg L. DesElms
Napa, California USA
gregg at greggdeselms dot com
Veritas nihil veretur nisi abscondi.
Veritas nimium altercando amittitur.
Thanks Gregg for such useful information.
Also, Chrome and Firefox has a large ecosystem of plugins and extensions. We came across these BHOs. However , If you know of any for IE or other browsers, please do share.
My sarcasm was aimed at Microsoft, not anyone here. I’m simply calling attention to the fact that all the really cool stuff is for Chrome and/or Firefox; but never IE. Er… well… “never” is too strong a word; but you get my point.
I’m not anti-Microsoft, but I’ve been around long enough — I met Bill Gates on the floor of the West Coast Computer Faire in San Francisco in the ’70s, before he was anyone important — to have seen it do abominable things; and I’ve seen how clueless it and its disciples can be about security and all manner of other things.
It surprises me, not, that IE has no BHOs that are equivalent to Chromebleed. The problem is that people tend not to make as many cool BHOs for IE as people make extensions, plug-ins and apps for Firefox and Chrome. That’s not anyone’s fault, here; and my sarcasm wasn’t aimed at that you didn’t find anything. I was being sarcastic because there obviously isn’t anything. Surprise, surprise.
Your work of finding these extensions was fine; excellent, even. Kudos.
The problem, as always, is Microsoft. And the only time I get frustrated with you guys is when you get too blindly loyal to Microsoft around here. It’s not the Microsoft doesn’t make terrific products: it does, indeed. I use nearly all of them. I’m not some knuckleheaded Linux lover who eschews the .NET framework (but thinks nothing of running the Java runtime, which is basically the same thing). It’s just that if you had seen what I have seen, you’d be more cynical.
But that takes us down a whole different, and unnecessary road.
You did fine. Good article. The problem — and my sarcasm was aimed at — Microsoft.
__________________________________
Gregg L. DesElms
Napa, California USA
gregg at greggdeselms dot com
Veritas nihil veretur nisi abscondi.
Veritas nimium altercando amittitur.
FoxBleed is compatible with Firefox 21 and up, no restart needed, but “preliminarily” reviewed by Mozilla, while Heartbleed-Ext is not available with Firefox 24 and below as well as Pale Moon, and needs restart after installation.
Netcraft has released a Heartbleed indicator for Chrome, Opera, and Firefox but in the form of a update to its toolbar.
Thanks for the information. We have covered Netcraft here https://www.thewindowsclub.com/netcraft-extension-heartbleed-phishing-protection
For Free Browser Tech Support Contact Us: 1-800-935-0537
http://computertechsupport.us/