It’s been two days since the world was alerted to the super-scary Heartbleed bug, which allows hackers to snoop on your passwords and credit card numbers on many of the Internet’s most popular websites.
You have probably heard by now that you should change your passwords to all of the cloud services that you use. Maybe you’ve done that. Maybe you haven’t.
The truth is, changing your passwords might not be enough to protect you. If a site has the bug, it is baked into the software used by the website (software known as OpenSSL). If the owners of that site haven’t fixed the website, then your new password is just as exposed as your old one.
Luckily, there is a Chrome browser extension you can use to check sites for Heartbleed vulnerability before you use them.
Sites such as Yahoo, Google, Tumbler, Flickr were all affected, have all fixed their websites and recommended you change your password. So does Facebook, Mashable reports.
But some 368 cloud providers are still using the buggy software, says security firm Skyhigh Networks, who scanned hundreds of popular cloud services last night testing for the bug. Skyhigh hasn’t made that list public, though it has alerted all of the cloud providers.
This page on Github is the best public list yet. If you use any of the services on this list, you’ll need to change your password when you are sure the website has fixed its site.
It could take weeks for all of them to fix their websites. Businesses are particularly vulnerable. The average business is using 626 cloud services, so the chances that some of them have Heartbleed is pretty high, SkyHigh says.
In the meantime, the easiest way we’ve found to keep you safe is to use a new add-on to the Chrome browser, Chromebleed, created by security researcher Jamie Hoyle. The add-on simply tells you whether a site is safe from Heartbleed or not.
If you don’t use Chrome, you can head over to a Heartbleed checking website created by Filippo Valsorda. Just type in the URL before you visit the site to make sure its safe. And do not buy anything over the Internet until you know the website is safe.