Heartbleed: How to Check If a Website is Affected or Was Previously Affected

0 Comments
Editor Ratings:
User Ratings:
[Total: 0    Average: 0/5]




This article details two online tools that let you check whether your favorite website(s) were/are affected by the infamous OpenSSL bug Heartbleed or not. These online web based tools are extremely easy to use, and can be used from any web browser.

Unless you’ve just woken up from a long Cryosleep, you probably know about Heartbleed (read more here), a nasty bug in the widely used OpenSSL implementation of the SSL/TLS protocol, that could lead to theft of confidential data as it’s being transmitted/received over the Internet.

The bug has now been patched in OpenSSL and website owners / device manufacturers are trying to implement the patch at their end. But what if you want to be doubly sure and check whether your favorite website was/is still affected by this nasty bug or not? Read on to find out more.

Heartbleed Header

How to check whether Heartbleed affected your favorite website(s) or not?

As such, there’s no way to check from a users’ end whether the websites they use are/were affected by Heartbleed or not. However, you can use some third party web based applications that have been specifically developed for this purpose. They are detailed below:

Using Lastpass’s Heartbleed checker

Lastpass (Marvasol, Inc.), the company behind the famous password management tool that’s also its namesake, Lastpass, has put up an online tool on its website, aptly named “Heartbleed Checker”, that lets you check whether a website has been affected by the bug or not. Here’s how to use Heartbleed Checker:

Step 1: Head over to Lastpass Heartbleed Checker’s homepage.

Step 2: Enter the domain name of the website that you want to check for Heartbleed in the box that says “Check a site”, and press the button labeled “See if this site is vulnerable to Heartbleed”.

Heartbleed checker UI - ILFS

Step 3: Lastpass checks the website and displays its report. The results include whether the website was initially vulnerable or not, and the current safety status of the SSL certificate used by the website. The assessment also includes an advisory, suggesting users change their password on the website that was likely affected in the past.

Lastpass Heartbleed Assessment

Using Heartbleed test

Filippo Valsorda, an Italian programmer has created a great online tool called Heartbleed test, that can be used to check any website for Heartbleed issues. It works pretty much the same like Lastpass’s tool discussed above. Here’s how to use Heartbleed test:

Step 1: Head over to Heartbleed test’s homepage.

Step 2: Enter the URL of the website that you want to check for Heartbleed in the box and press the green button that says Go!

Heartbleed test UI

Step 3: Once you do that, Heartbleed test checks the website and displays the status accordingly. Unlike lastpass’s assessment, Heartbleed test’s results are much shorter, and you’re just notified whether the website is safe from Heartbleed or not. This essentially means that it does not tell whether the website was earlier vulnerable or not; it just tells what is the current vulnerability status of the website.

Heartbleed test results

Conclusion

Both of the tools discussed in the article provide users with an extremely easy way to check whether their favorite website (s) had/have Heartbleed issues or not.  If your favorite website is still vulnerable, it’s time to get in touch with the people who run it to enquire why it’s not been patched. And if they are not working on fixing it now, you probably need to find another service.

Editor Ratings:
User Ratings:
[Total: 0    Average: 0/5]