Heartbleed Vulnerability – Affected Online Banking, Social Media, and Web Apps

heartbleed-bug-list-of-afftected-web-apps Heartbleed, a newest addition to the list of bugs has been described as a catastrophe by Bruce Schneier, who in his blog post, wrote

On the scale of 1 to 10, this is an 11

and rightly so. We use the Internet today to have private conversation with friends and family, conduct businesses, and perform online transactions that are secured by encrypting traffic between a client (you) and the server using a set of protocols called Secured Socket Layer (SSL). SSL ensures that the communication between user and server is encrypted by exchanging a set of public and private keys. It is the digital version of two people having two keys to unlock a locked case. Heartbleed, a bug discovered by a member of  Google security team and  Codenomicon, strikes at the heart of SSL protocol: making a copy of the key to unlock that case and get access to whatever it is that you or the server have put in there.

Sounds horrible enough, right? Indeed it is. By far, any person or organization executing Heartbleed bug on server would’ve gotten access to major social media and banking applications and can exploit these services to get access to private information or committing financial fraud.

Fortunately there’s a way of knowing if any of your online services were affected or not so I spent a better part of last night creating a script that would check a list of social media and banking websites for openness to vulnerability. I’m putting up the list in this blog. If any web app you use is in the list of affected apps, you must change the password of those applications RIGHT AWAY. That is, of course, if you don’t want Neo to read your private conversation on Facebook or transfer all of your money into his account. I realize after knowing the seriousness of this bug, you are on the edge of your seat, waiting anxiously for the list. Well, here you go. Continue reading