Sins of a Solar Empire : Real-Time Strategy. Unrivalled Scale.
© 2003-2016 Ironclad Games Corporation Vancouver, BC. All rights reserved.
© 2006-2016 Stardock Entertainment

A Chrome Extension to Reveal Sites Affected by the Heartbleed Bug. UPDATE

By on April 14, 2014 3:16:58 PM from JoeUser Forums JoeUser Forums External Link

DrJBHL

Join Date 04/2002
+2261

 

 

You’ve all heard about it and about the website that checks url vulnerability.

Just posting this for you Chrome users – now there’s an extension which works quietly in the background but will pop up a warning if you arrive at one of the smaller (or larger) websites which haven’t fixed the Heartbleed vulnerability.

Here: https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic

 

Update:


There are now  Foxbleed and Chromebleed extensions:

http://www.thewindowsclub.com/browser-extensions-protect-heartbleed

 

That being said, it's not at all certain that the "fixed" sites are really fixed after all, and that the 'no warning' or 'safe' sites are really safe at all.

http://www.cnet.com/news/akamai-heartbleed-patch-not-a-fix-after-all/

 

I'll try to keep you all updated regarding this issue.

Locked Post 5 Replies +1 Karma
Search this post
Subscription Options


Reason for Karma (Optional)
Successfully updated karma reason!
G_Bison
April 14, 2014 3:51:10 PM from WinCustomize Forums WinCustomize Forums

Reason for Karma (Optional)
Successfully updated karma reason!
April 15, 2014 6:14:31 AM from WinCustomize Forums WinCustomize Forums

Update:


There are now Foxbleed and Chromebleed extensions to reveal website vulnerability:

http://www.thewindowsclub.com/browser-extensions-protect-heartbleed

 

Reason for Karma (Optional)
Successfully updated karma reason!
April 15, 2014 6:30:12 AM from WinCustomize Forums WinCustomize Forums

I am using the  one for Chrome. In the 12 sites I visit daily, only one hasn't fixed it. And it is a small site, and I was a bit surprised.  I also read somewhere (could be cnet) that the *fix* really might not fix it all. 

 

Reason for Karma (Optional)
Successfully updated karma reason!
April 15, 2014 6:51:59 AM from WinCustomize Forums WinCustomize Forums

Not surprising about the small site. You should probably email the webmaster of that site (and then change your password and not logon again until it's fixed).

I think you meant this piece:

http://www.cnet.com/news/akamai-heartbleed-patch-not-a-fix-after-all/

"The crux of the issue, Pinckaers argues, is that while Akamai protects three critical values in an RSA key -- a long, algorithm-created string of numbers designed to create an encrypted connection -- three other values, known as intermediate extra values, are accessible because they weren't "stored in the secure memory area."

"As the...values were not stored in the secure memory area, the possibility exists that these critical values for the SSL keys could have been exposed to an adversary exploiting the Heartbleed vulnerability," Akamai's Ellis said. "Given any CRT value, it is possible to calculate all 6 critical values."

Akamai is now heading back to the drawing board. Ellis says that his company has already started rotating SSL certificates that are vulnerable to protect its customers. Ellis says that some certificates will rotate quickly, while others will take a bit longer."

 

All is not well in internet land.

Reason for Karma (Optional)
Successfully updated karma reason!
April 15, 2014 8:27:37 AM from WinCustomize Forums WinCustomize Forums

I also have the one for Chrome. 

Reason for Karma (Optional)
Successfully updated karma reason!
Stardock Forums v1.0.0.0    #101114  walnut1   Server Load Time: 00:00:00.0000157   Page Render Time: