How Can You Defend Against the Heartbleed Bug

The Heartbleed bug is out of the box, and suddenly everyone has gone mad over it. The reasons are serious: the vulnerability went unnoticed in OpenSSL for the last two years. OpenSSL is the software that provides encrypted transfer of data. Data that is transferred using encryption cannot be hijacked in transit. The loophole existed in this SSL (Secure Sockets Layer) software, which is responsible for secure data transmission.

The security vulnerability exists at the server end, so there is not much for the user to do. The OpenSSL patch has to be applied at the server end. Some web servers have already fixed it, but a few have not done so yet. It is important to stay away from sites that have not yet fixed the bug.

So to defend against the Heartbleed bug, you need to set up a monitoring system to identify websites that have not patched OpenSSL.

Some browsers have add-ons to check whether HTTPS websites are affected by the Heartbleed bug. The plugins are available for the following browsers; however, go through the plugin description before using them.

Add-on for Mozilla Firefox: Warns when visiting hosts vulnerable to the Heartbleed attack by overlaying the page with a bleeding heart.

Chrome Extension: The author claims this Chrome extension detects the Heartbleed bug and throws a notification.

Check your Android 4.1.1 device: The Lookout Heartbleed Detector can be used to determine whether your Android device is vulnerable to the Heartbleed bug in OpenSSL. The app works by determining whether the device is using an affected version of OpenSSL. If so, the app then checks whether the vulnerable feature, called heartbeats, is enabled. However, this app can only diagnose the vulnerability, not fix it.
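The same two-step logic (affected version first, then whether heartbeats are enabled) can be applied to the output of `openssl version -a` on a server you administer. This is an added example, not the Lookout app's code or anything from the original post; the function names are hypothetical, and the affected version range is an assumption taken from the OpenSSL advisory rather than from this page.

```python
import re

# Assumption (OpenSSL advisory, not this page): affected releases are
# 1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1.
VERSION_RE = re.compile(r"^OpenSSL (\d+\.\d+\.\d+)([a-z]?)(-beta\d*)?", re.M)

def in_affected_range(version_output):
    m = VERSION_RE.search(version_output)
    if not m:
        raise ValueError("no OpenSSL version line found")
    base, letter, beta = m.group(1), m.group(2), m.group(3)
    if base == "1.0.1":
        return letter <= "f"          # "" (plain 1.0.1) through "f"
    if base == "1.0.2":
        return beta in ("-beta", "-beta1")
    return False

def heartbeats_compiled_out(version_output):
    # A build made with -DOPENSSL_NO_HEARTBEATS contains no heartbeat code.
    return "-DOPENSSL_NO_HEARTBEATS" in version_output

def assess(version_output):
    if not in_affected_range(version_output):
        return "not affected"
    if heartbeats_compiled_out(version_output):
        return "affected version, heartbeats disabled"
    # Distributions may backport the fix without changing the version
    # string, so confirm against the vendor's package changelog.
    return "potentially vulnerable"

# Constructed samples in the format printed by `openssl version -a`.
SAMPLE_OLD = ("OpenSSL 1.0.1e 11 Feb 2013\n"
              "compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O2\n")
SAMPLE_NOHB = ("OpenSSL 1.0.1e 11 Feb 2013\n"
               "compiler: gcc -fPIC -DOPENSSL_NO_HEARTBEATS -O2\n")
SAMPLE_FIXED = ("OpenSSL 1.0.1g 7 Apr 2014\n"
                "compiler: gcc -fPIC -DOPENSSL_PIC -O2\n")

if __name__ == "__main__":
    for name, sample in [("old", SAMPLE_OLD), ("no-heartbeat", SAMPLE_NOHB),
                         ("fixed", SAMPLE_FIXED)]:
        print(name, "->", assess(sample))
```

A "potentially vulnerable" result is a prompt to patch or to check the vendor's package changelog, since the version string alone cannot show a backported fix.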

Making use of the above plugins, you can defend against the Heartbleed bug.
