Online Tool to identify Heartbleed bug affected websites

eScan Launches a unique online tool to identify Heartbleed bug affected websites. eScan Launches a unique online tool to identify Heartbleed bug affected websites. Helps in identifying the vulnerable sites to the users.

Two or three days ago, Intelligent geeky comic rolled out a comic on Heartbleed. This is an ample proof that heartbleed is the , 'the bug', creating nuisance in the cyber world. Something web users need to safeguards themselves from. eScan, Anti-Virus and Content Security Solution , is well aware of threat posed by the Heartbleed bug, that's why it has launched an online tool to identify the latest Heartbleed bug which has been creating chaos in the cyber security landscape. This tool introduced by eScan can be used by IT users to check whether the website they are browsing is affected with the Heartbleed bug or not and can be accessed at

What is Heartbleed Bug?

A major new security vulnerability dubbed Heartbleed bug was disclosed on April 7, 2014 with severe implications for the functioning of the entire web. The bug can scrape a server's memory, where sensitive user data is stored, including private data such as usernames, passwords, and has been in existence on the Internet for the past two years. It allows hackers to exploit a flaw in the OpenSSL encryption software used by a majority of major websites to steal data.

Since a majority of websites are vulnerable to the Heartbleed bug, changing a password will not help much; as the website would have to update their OpenSSL software first in order to mitigate the threat. Simply type the website address that you wish to browse into the box displayed in the tool, and it will let you know whether it is safe. Although, websites such as Facebook, Gmail, Amazon, Yahoo!, Twitter and others are not vulnerable, however numerous other websites/servers are still vulnerable to this.

The Heartbleed bug, basically takes advantage of OpenSSL encryption software, which is in standard use by many websites and while browsing an SSL site, the secured site is designated by the small padlock symbol, however not all web servers have deployed OpenSSL. A new protocol was introduced to the TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation. When messaging back and forth on a secure connection, sometimes computer wants to check the other computer's availability. This cross checking is done by sending a small packet of data, called 'heartbeat'. The Heartbleed bug flaw allows hackers to use a fake packet of data, which tricks the computer into responding with arbitrary data stored in the memory by OpenSSL. The attacks using this flaw are undetectable by current standards and the bug existed under the radar for about two years.

Mr. Govind RamamurthyMD and CEO, eScan said, 

"Users are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (Transport Layer Security) implementation used to encrypt traffic on the Internet. Hackers are using smart social engineering tricks more and more often on popular social sites, company's site and commercial sitesHence, our newly launched online tool makes it easy for IT users to enjoy safe internet browsing and have a secured computing experience."

No comments