How to Check If a Site Is Safe From 'Heartbleed'

If your site reads Safe, it makes sense to change your password. Even if it doesn't yet, a change still makes sense.
More

This post follows one a few hours ago about the Heartbleed security failure, and for safety's sake it repeats information I have added to that post as an update.

Point 1: If you would like to test to see whether a site is exposed to the loophole created (over the past two years) by the OpenSSL bug, you can go here and enter the URL you are concerned about. (This tip via Bruce Schneier.) As explained in the FAQ, the test sometimes delivers "false positives" for vulnerability  -- that is, it may report problems with a site that actually is OK, or that is in the middle of taking steps to protect itself. But the site's creator explains why "false negatives" -- OK signals when there actually is a problem -- should be very rare, and especially if you perform the test several times. Update Here is another good test site.

Point 2: If a site tests through as Safe, then it makes sense to change your password there. And all of my email and financial sites are now saying Safe, so the changes I am making there will stick.

But even if a site does not say Safe, the people I have asked say that it still makes sense to change -- even though you'll need to change again when the SSL for that site is fully repaired.

Reasoning: If you change it now, it's possible that a still-active hacker will capture info today. But if you don't change it now, anything exploited in the past two years is vulnerable. Also, many sites that are not yet fully protected are on higher alert than they would have been before this news, so hackers may have a tougher time in the new environment than when this was an unknown-unknown.

Point 3: The guy who created the test site, a young Italian cryptologist based in Milan, has a donation button on the site.

UPDATE: Here is another industrial-strength test site. I tried the same domain on it, and the score you see here is way, way close to the top of those it has tried. And here is another test site.

Previous post

Presented by

James Fallows is a national correspondent for The Atlantic and has written for the magazine since the late 1970s. He has reported extensively from outside the United States and once worked as President Carter's chief speechwriter. His latest book is China Airborne. More

James Fallows is based in Washington as a national correspondent for The Atlantic. He has worked for the magazine for nearly 30 years and in that time has also lived in Seattle, Berkeley, Austin, Tokyo, Kuala Lumpur, Shanghai, and Beijing. He was raised in Redlands, California, received his undergraduate degree in American history and literature from Harvard, and received a graduate degree in economics from Oxford as a Rhodes scholar. In addition to working for The Atlantic, he has spent two years as chief White House speechwriter for Jimmy Carter, two years as the editor of US News & World Report, and six months as a program designer at Microsoft. He is an instrument-rated private pilot. He is also now the chair in U.S. media at the U.S. Studies Centre at the University of Sydney, in Australia.

Fallows has been a finalist for the National Magazine Award five times and has won once; he has also won the American Book Award for nonfiction and a N.Y. Emmy award for the documentary series Doing Business in China. He was the founding chairman of the New America Foundation. His recent books Blind Into Baghdad (2006) and Postcards From Tomorrow Square (2009) are based on his writings for The Atlantic. His latest book is China Airborne. He is married to Deborah Fallows, author of the recent book Dreaming in Chinese. They have two married sons.

Fallows welcomes and frequently quotes from reader mail sent via the "Email" button below. Unless you specify otherwise, we consider any incoming mail available for possible quotation -- but not with the sender's real name unless you explicitly state that it may be used. If you are wondering why Fallows does not use a "Comments" field below his posts, please see previous explanations here and here.
Get Today's Top Stories in Your Inbox (preview)

Adventures in Legal Weed

Colorado is now well into its first year as the first state to legalize recreational marijuana. How's it going? James Hamblin visits Aspen.


Elsewhere on the web

Video

Adventures in Legal Weed

Colorado is now well into its first year as the first state to legalize recreational marijuana. How's it going? James Hamblin visits Aspen.

Video

What Makes a Story Great?

The storytellers behind House of CardsandThis American Life reflect on the creative process.

Video

Tracing Sriracha's Origin to Thailand

Ever wonder how the wildly popular hot sauce got its name? It all started in Si Racha.

Video

Where Confiscated Wildlife Ends Up

A government facility outside of Denver houses more than a million products of the illegal wildlife trade, from tigers and bears to bald eagles.

Video

Is Wine Healthy?

James Hamblin prepares to impress his date with knowledge about the health benefits of wine.

Video

The World's Largest Balloon Festival

Nine days, more than 700 balloons, and a whole lot of hot air

Writers

Up
Down

More in Technology

From This Author

Just In