Techworm had reported the breaking news of the bug in OpenSSL aptly named #heartbleed by security researchers. You can read this article here. This bug was existent for two years in the OpenSSL socket and was only fixed with the update released 2 days ago. As of now many of the sites still are unpatched which may lead to your identity and data theft. Techworm has prepared a list of sites which are deemed safe from the #heartbleed bug and if your bank/email provider/shopping site/or any other site where you provide credit card details and personal details, is not in the list, you should fire a email to the webmaster of that site immediately and change your passwords immediately.
Techworm has already given a Python tester in its previous report so if you did like to test the site yourself please read that post here. The sites which are deemed safe are listed below :
1. Google.com: Not vulnerable.
2. Facebook.com: Not vulnerable.
3. YouTube.com: Not vulnerable.
4. Amazon.com: Not vulnerable.
5. Yahoo.com: Was vulnerable. Yahoo Mail was vulnerable to attack but has since announced that it has been patched, along with other main Yahoo sites such as Yahoo Search, Finance, Sports, Flickr and Tumblr.
6. Wikipedia.org: Not vulnerable.
7. LinkedIn.com: No SSL.
8. eBay.com: No SSL.
9. Twitter.com: Not vulnerable.
10. Craigslist.org: Not vulnerable.
11. Bing.com: No SSL.
12. Pinterest.com: Not vulnerable.
13. Blogspot.com: Not vulnerable.
14. Go.com: Not vulnerable.
15. CNN.com: No SSL.
16. Live.com: No SSL.
17. PayPal.com: Not vulnerable.
18. Instagram.com: Not vulnerable.
19. Tumblr.com: Was vulnerable. Tumblr was vulnerable to attack, but Yahoo has since announced that it has been patched.
20. ESPN.go.com: Not vulnerable.
21. WordPress.com: Not vulnerable.
22. Imgur.com: Not vulnerable.
23. HuffingtonPost.com: No SSL.
24. reddit.com: Not vulnerable.
25. MSN.com: No SSL.
It is also brought to your notice that servers and sites powered by CloudFlare CDN provider are patched.
To check out whether your online banking/shopping/email or any other website is affected by #heartbled, you can download and install a Chrome extension here. This extension points out if the site is vulnerable to this defect immediately on entering the URL.
The sites listed below also offer a free diagnostic test. You can enter the URL you want to check to see the results.
1. Filipo.io
2. Lastpass.com
And last but not the least here is a video from Yahoo explaining #heartbleed.
The sites listed below also offer a free diagnostic test. You can enter the URL you want to check to see the results.
1. Filipo.io
2. Lastpass.com
And last but not the least here is a video from Yahoo explaining #heartbleed.
Other than above site, dberkholz from Github has published a list of 512 sites from Alexa 10000 top rated sites which are vulnerable to #heartbleed. They are given below :
