X
  • April 8, 2014
  • By John
  • Comments Off on Heartbleed, A SSL Vulnerability
  • in geekstuff

Heartbleed, A SSL Vulnerability

A weakness in the protocol that makes your secure sites, secure is no longer secure. At least for now. A patch has been made and being deployed but not everyone is patched yet. So what to do. I would recommend testing any SSL Site that you use with http://filippo.io/Heartbleed It's not safe enough to just put the main site address but put the actually SSL host for example, my bank is  plainscaptialbank.com  but when i click to login to my online banking it takes me to ibank.plainscaptial.com.  I put that address in the test field and found that it is not patched from CVE-2014-0160. So while these sites are not patched, i'll just avoid using them until they are corrected.

The risk here is that someone could be posing as the real site and scooping up any information you give them.  your browser won't know any different and see that the certificate is valid and not warn you of any risk.

If you want more information on heartbleed visit:  http://heartbleed.com

Thanks to Riley for posing the question to me this morning.

UPDATE  9 AM

sites which also appear to need to be patched,

Amigo Energy (my.amigoenergy.com)

Song Select (us.songselect.com)

UPDATE 10 AM

http://ibank.plainscapital.com is now secure.

Contact me

Using the contact form to send me email at below

Keep in touch with us

You can use the following information to contact us if you wanna join us or anything need to communicate.

Name: john
Skype: john-munoz