With the Heartbleed hole in OpenSSL affecting almost a fifth of all supposedly secure Web servers, there’s a good chance that you have an account and password that have been inadvertently compromised. The 19-year-old who quickly cobbled together a hack to test Web sites around the world has some good advice for anyone concerned about their Internet security.
Filippo Valsorda, the 19-year-old Italian cryptography and infosec enthusiast who put together one of the first Heartbleed test sites on his personal Web server, has been on Reddit overnight answering questions about the OpenSSL bug.
Apparently Valsorda’s Heartbleed test has had more than 60 million queries since he released it last week, with companies and end users alike using it to test their services for SSL bug vulnerability. ‘FiloSottile’, as he’s known on Reddit and GitHub, has a few tips for anyone who is unsure about how to deal with the security of their Internet accounts.
The most important piece of advice he’s shared is to be vigilant about what sites you access, especially if they haven’t confirmed or patched the Heartbleed bug. Chromebleed is a Google Chrome extension that scans links and addresses entered into your Web browser, alerting you whenever you visit a site that is vulnerable to the OpenSSL hole and hasn’t been patched.
Valsorda says that if Chromebleed, or its Mozilla Firefox counterpart FoxBleed, reports a vulnerability, you should not log in, and should wait for an official statement from that site on its response to Heartbleed.
Heartbleed is a big problem if you’re a heavy Internet user on either desktop or mobile, especially if you use the same password on different accounts and websites. If you’re new to the whole Heartbleed debacle, or if you’re still working out what accounts you’ll have to change the password on, check out Filippo’s Ask Me Anything session on Reddit. [Reddit]