Browser plug-ins arrive for Firefox and Chrome that scan websites for Heartbleed risk
A developer today released a free add-on for Mozilla Firefox that checks websites for vulnerability to the massive Heartbleed flaw. Tom Brennan, founder of ProactiveRISK, says he wrote the tool after getting an overwhelming number of requests from family and friends about how to protect themselves from websites that are vulnerable to Heartbleed. "They just wanted their browser to tell them, like a radar detector," Brennan says.
The browser plug-in provides color-coding warnings for websites: Red means the site is vulnerable to Heartbleed. Green means it's safe. There's also a yellow warning for sites that may be vulnerable.
"Like a traffic light on the Internet, it is the users' responsibility to be proactive about risk in addition to the sysadmin defender working hard every day to put out the fire of the day," Brennan says.
"The code is open-source and a donation to the community," he says. "And maybe it will stop the phone calls from users asking for suggestions to something they don't control."
A similar tool for Chrome was released yesterday by developer Jamie Hoyle. The Chromebleed Checker add-in for the Chrome browser also warns users of Heartbleed-vulnerable sites.
{Image 1}
"Whilst some servers have been patched already, many remain that have not been patched. Chromebleed uses a web service developed by Filippo Valsorda and checks the URL of the page you have just loaded," the Chromebleed description says. "If it is affected by Heartbleed, then a Chrome notification will be displayed."
Valsorda this week released one of the first tools to scan websites for Heartbleed vulnerability. Errata Security did an initial scan this week for vulnerable sites using its masscan tool. Vendors such as Qualys and LastPass have released free website scanners, and there is also a Metasploit module for Heartbleed.
Meanwhile, Apple told news site Recode that IOS and OS X do not use the vulnerable version of SSL and that its "key Web-based services were not affected."
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024