Keeping the blog post short, I will directly explain what the Heartbleed bug actually is and how it affects a wide range of websites on the internet. Also will uncover a tool that will test if a particular website is vulnerable or not and a list of currently vulnerable websites.
SPOILER : Yahoo.com is vulnerable as of 08-04-2014. Yahoo.com has fixed the vulnerability.
LastPass users can check if the sites in their Vault is vulnerable to the attack or not. Just click on Tools > Security Check. Start scanning the Vault and you will be presented with a list of vulnerable sites.
1. What is Heartbleed bug?
Heartbleed is the name of a recently discovered critical bug in the OpenSSL protocol used by millions of websites on the internet. OpenSSL is an implementation of SSL and TSL both of which are cryptography protocols designed to provide communication security over the internet.
2. What versions of OpenSSL are affected?
OpenSSL version 1.0.1 through 1.0.1f are vulnerable.
Sites that use older version than 1.0.1 are not vulnerable.
3. What will happen when the Heartbleed bug is exploited?
It will expose usernames, passwords, and other content you send to a secure web site.
4. How do I know if a website is vulnerable to the bug?
5. Which sites are currently vulnerable?
Google & Facebook are currently not vulnerable but Yahoo.com is (as of 08-04-2014). You can find a list of all the sites here : Heartbleed Vulnerable List
6. What can I do to protect myself from Heartbleed bug?
Its the webmasters duty to update their SSL version to bug free version, All you can do is to stop using the vulnerable websites for the moment and keep checking their Blogs or Message boards for updates. Later when it is fixed, Login and change your password.
If this FAQ helped you, Please share it with your friends using the Social Share buttons below.