Most major websites have patched the gaping security hole called the Heartbleed bug, which at one point affected up to two thirds of the Internet. However, there are still some stragglers. A new free browser plugin and Android app from cloud security company Trend Micro can help check that the sites you visit and Android apps you download are Heartbleed-free.
The Heartbleed bug exists in a version of OpenSSL, a type of software used to encrypt data in transit, such as between your computer and the server of a webpage you're visiting, or between your smartphone and the server of an app you have installed. Trend Micro's browser plugin and app can help users feel a bit more secure on the Internet.
The browser plugin, "Trend Micro Heartbleed Detector," is for the Chrome browser on Mac and Windows computers. It's available for free on the Chrome Web Store. Users type a website URL into the plugin's text box and it will tell them if the site uses a version of OpenSSL containing the Heartbleed bug. Several other services do that, such as the free Qualys' SSL test, which we used when writing previous Heartbleed stories.
The Android app, also called "Trend Micro Heartbleed Detector" and free on the Google Play Store, scans your installed apps to see if any of them are vulnerable. We tried out the app on our Samsung Galaxy S4. The setup was simple. We just pressed the scan button, and after less than a minute the app informed us that our 25 installed apps were in the clear.
Trend Micro's plugin and app can tell you only whether you're using a vulnerable website or app; they can't patch the bug. That's up to the website and app creators. They also can't check things like virtual private networks, which are also vulnerable to the Heartbleed bug.