The Heartbleed bug is one of the biggest security flaws the Internet has known. Internet research firm Netcraft estimates that as many as 500,000 websites could be affected. Since hackers can exploit Heartbleed to steal user data — Canadian police yesterday arrested a man who allegedly used Heartbleed to steal user data from the government’s tax website — the call has gone out for users to change their passwords for affected sites. It does you no good, however, to change your password for a site until the site has been patched.
How do you know if a site is still at risk? You could check a site yourself by plugging its URL into a tool from LastPass or Qualys. Either method, however, requires you to initiate the check. An easier way is to install Chromebleed, a Chrome extension that runs in the background and pops up a warning when you visit a site that is vulnerable to Heartbleed, requiring no additional effort on your part after simply clicking to install it.
Chromebleed was developed by an Italian programmer, Filippo Valsorda, who has his own Heartbleed site checker here.
When you install the extension, it’ll add a small button with the Heartbleed icon to the right of Chrome’s URL bar. When you visit a site that is vulnerable, it’ll display a warning.
By default, Chromebleed does nothing for sites that have been patched against Heartbleed. By right-clicking on the Chromebleed button and selecting Options, you can check a box to Show All Notifications. With this setting enabled, you will get an alert for every site you visit, good or bad.
(Image Source: iCLIPART)