It's been two weeks since the devastating Heartbleed Internet-security encryption bug was first made public, but many websites have yet to patch the flaw, and their users are still at risk. One way to protect yourself is by installing Internet analytics and security company Netcraft's free browser-based Heartbleed detector for Firefox, Opera and Chrome.
Netcraft's is not the first Heartbleed-detecting browser extension we've seen since the bug was disclosed April 7. But it may be one of the best; in addition to showing you if a site is currently vulnerable, it also indicates whether the site was ever vulnerable in the past two years.
Why does it matter if a website was ever vulnerable to Heartbleed? Because any information -- such as your login credentials -- that passed through a Web server while it used a flawed version of the OpenSSL encryption library could have been read by an attacker.
If you're still using the same password to log into a website as you did when the site was vulnerable to Heartbleed, you should consider that password compromised and change it.
The Netcraft browser extension also contains a button that lets users flag a page they believe to be a phishing site. There's a chance cybercriminals will prey on people's fears of Heartbleed to trick them into clicking links that appear to be helpful, but are actually scams.
Here's how to set up and use Netcraft's Heartbleed browser extension.
1. Go to toolbar.netcraft.com/install and click on the icon of the browser on which you wish to install the extension (Firefox, Chrome or Opera). For this article, we're using the Chrome version; clicking the Chrome icon on the Netcraft page takes you to the Chrome Web store.
2. In the Chrome Web store, click the button that reads "+ Free." A popup box will appear asking you to confirm that you wish to add the extension. Click "Add."
3. Once it's added, you'll see the Netcraft logo in the upper right of your Chrome browser (next to the icons of your other extensions).
4. To check a given website's Heartbleed-related security, click on the Netcraft extension icon. A dropdown box will appear with the site's risk rating, country of origin, date created and other statistics. There's also a button that lets you flag a page as a possible phishing site.