IDG News Service >
 

Healing Heartbleed: LastPass outs automated checker, major sites admit vulnerability

o Ian Paul
10.04.2014 kl 14:32 | PC World (US)

LastPass has released a new tool to show you which of your supposedly secure online accounts are at risk of being compromised, as the Heartbleed fallout continues with numerous major sites admitting to being hit by the devastating bug.

 

LastPass has released a new tool to show you which of your supposedly secure online accounts are at risk of being compromised, as the Heartbleed fallout continues with numerous major sites admitting to being hit by the devastating bug.

Heartbleed is the recently disclosed programming flaw in OpenSSL that would allow attackers to read the contents of a server's memory, exposing critical information such as SSL site keys, usernames and passwords, and user data.

LastPass shows your bleeding hearts

Not content with letting users check Heartbleed-affected sites one by one with its individual site-checking tool, the LastPass password manager now has an automated solution for its users. If you're using LastPass in your browser, just tap on the LastPass icon and go to Tools > Security Check.

This will redirect you to LastPass' website where the service will scan your password vault and come up with a list of sites affected by Heartbleed. The list will also tell you how old your password is, when the site last updated its security certificates, and whether or not your should change your password.

That last point is crucially important since there's no sense in changing your password on an affected site until it has been patched, as explained in PCWorld's guide to staying protected from Heartbleed. 

I'm a longtime LastPass user and when I ran the security check against my own vault it showed a number of accounts that needed to have their password change. While helpful, LastPass' tool wasn't perfect, however. It advised me to wait before changing my Tumblr password, for example, even though Tumblr publicly advised users to change their passwords before the new LastPass security check was publicly available.

Nevertheless, as a quick way to head off potential problems, LastPass' integrated tool is a great place to start a Heartbleed self-audit.

Heartbleed highlights

A number of major sites have recently admitted they were affected by Heartbleed and issued fixes for their services including:

Keywords: Internet  Security  
Latest news from IDG News Service

Copyright 2009 IDG Magazines Norge AS. All rights reserved

Postboks 9090 Grønland - 0133 OSLO / Telefon 22053000

Ansvarlig redaktør Henning Meese / Utviklingsansvarlig Ulf Helland / Salgsdirektør Tore Harald Pettersen