McAfee launches Heartbleed checker tool

McAfee has launched an online tool to help check whether websites are using the pre-patched version of OpenSSL that is still vulnerable to the Heartbleed exploit.

Heartbleed Checker allows web users to enter website domains into the tool and determine whether those sites have upgraded to the version of OpenSSL that is not susceptible to the exploit.

McAfee Vice President of Consumer Marketing Gary Davis said it is important that users “first check to make sure the websites they frequent are updated before changing their passwords”.

Changing passwords prematurely could allow cybercriminals to access both the old and new password using the exploit.

Users with accounts on websites still using the vulnerable OpenSSL implementation should carefully monitor the account for any authorised activity, McAfee said.

Once the site has been patched, users should change their passwords, preferably to passwords using a combination of letters, digits and symbols that are at least eight characters long.

McAfee advises using a password manager to generate and store strong passwords, and making use of two-factor authentication when possible.

Heartbleed is a recently discovered bug in pre-patched versions of OpenSSL that potentially allows attackers to read parts of the memory cache of sites protected with SSL encryption - including user names and passwords.

Image courtesy of snoopsmaus under CC