You may have heard of the huge problem in the media about internet security because of a bug called Heartbleed. In a nut shell, this basically affects websites that use SSL secure connections through HTTPS. The websites that use SSL are typically those which allow their visitors to submit private information which is encrypted over the internet.
Sites using SSL are the types requiring you to submit payment information such as credit card numbers or private, sensitive information that you wouldn’t post on the internet for the whole world to see such as email messages.
The heartbleed bug is affecting the cryptographic library of the open source SSL solution called OpenSSL so it isn’t a problem for all websites.
How do I know a Website is Vulnerable?
To even see if a website is using SSL, you can observe if the webpage’s URL is using https:// instead of http://. The https:// in the url is used to create a secure connection through SSL. If the URL doesn’t display it, simply type in the S.
You will also need to check the browser when on a https:// page if the connection displays it as secure. If it displays secure that means it is using SSL. You can usually check by clicking on the icon in the URL box. Once clicked, a pop up will usually display whether it is using SSL or not. As shown in the screenshot, the example page displays a note that it is using a secure connection.
How do you know if the SSL connection is actually vulnerable?
The great thing is there are many internet tools that will tell you if a website is vulnerable to the Heartbleed problem. This would be a good idea to check before submitting payment or logging into a website until the problem is fixed.
I have used this Heartbleed checker by Last Pass.
