How to Tell If You’re Vulnerable to Heartbleed

April 10, 2014
Kevin Lam
Data Protection Fridays

A major security bug was reported this week in OpenSSL, the open-source cryptographic library used by many Web sites around the world.  The bug was nick-named “heartbleed” and is estimated to impact about 2/3rds of all Web sites.

Plenty of sites that talk about the bug, but not so many on how to tell if you’re vulnerable. In this article I’ll show you an easy Web-based way to tell if you or your organization is vulnerable or not.

How to Tell If You’re Vulnerable to Heartbleed

To see if your systems are affected by this bug you can use the SSL Test Web page at Qualys for free:

https://www.ssllabs.com/ssltest

Simply, enter your SSL-enabled Web site, select “Do not show these results on the boards” and click the Submit button.

ssltest-step1

Let the test run and you should see a result like the one below. The screenshot is the result of a test we ran against our own production servers. Anything less than an A+ rating should raise alarms. And in particular, you want to see the indicator that your Web site is resistant to the Heartbleed bug.

ssltest-heartbleed-step2

Thanks for reading, feel free to ping us if you have any questions and see you next Friday

Kevin Lam signature

–Kevin

 

 

About IronBox

IronBox specializes in Internet security, data protection and application security. Our team members are recognized security experts that have helped protect some of the industry’s highest value and most targeted data.

Delighting customers with premium data protection, prompt support and easy-to-use software services is our passion.

Contacts
PO Box 3274, Redmond, WA 98073
contactus@goironbox.com
RSS
© 2024 LockBox LLC dba IronBox. All rights reserved.