Yesterday, OpenSSL’s biggest bug – Heartbleed – was announced, along with the fact that it affected some two thirds of the world’s websites.
Some pretty important sites have been affected by the security bug, including Yahoo, Flickr, Kickass Torrents and many more.
Visiting these sites until the vulnerability is fixed is a bit dangerous. While the situation hasn’t exactly changed over the past two years and users are still vulnerable to the same issues, more hackers could now attempt to exploit the bug.
Since any attacks conducted so far have left no traces, there’s no way of knowing exactly how many times the vulnerability was used to obtain data that should have been encrypted, be it passwords or banking information.
Now that Heartbleed has been exposed, sites are that much more in danger until they fix the security problem since, after all, if hackers didn’t known about the bug, they do now.
Along with the announcement, a patch has been made available for OpenSSL, as well as a small Chrome extension for those users who want to make sure they’re not browsing a website that is still exposed to the issue.
Dubbed “Chromebleed,” the tool uses a web service developed by Filippo Valsorda and checks the URL of the page. If affected by Heartbleed, a notification will be displayed.
The tool is in no way intrusive and takes a small place in the extensions bar to the right of the address bar in the browser. It can easily be removed at any time.