Heartbleed: Where You Need to Change Your Passwords

Status
Not open for further replies.

agnickolov

Distinguished
Aug 10, 2006
147
0
18,630
Alas, the full list is not that useful. Quite a few of the sites have no report, like tigerdirect.com that I checked -- says no SSL even though TigerDirect does use SSL for account login and shopping.
 

ddpruitt

Honorable
Jun 4, 2012
226
0
10,860
I would argue that the value of the list between nil and none. The vulnerability has been around for 2 years and evidence suggests that hacker's have exploited the flaw. Google might be patched but what about a month ago? or a year ago? To be on the safe side passwords should be changed for any site unless they explicitly state that they haven't run OpenSSL at any time in the last two years.
 

Paul Wagenseil

Senior Editor
Apr 11, 2014
692
1
4,940
We ran through Alexa's Top 100 U.S. websites and manually ran checks against each one, using a different tool than Mustafa al-Bassam used to run his script against the top 10,000 Alexa global sites. If you'd like to manually run checks against every site on the Web, we will not stop you.
 
Status
Not open for further replies.