Top
Computer Glossary
Security Tips & Information
What's New!!
Help Desk
Taking care of your PC
My Favorite Links
Buying & Recycling PC's
Protect Yourself Online
Software
The mysterious "Cloud"
Improve & Protect your Browser
About Thom & the Site
Search

Pittsburgh Tech Guy

Phone: 412-256-8674

Email: pghtechguy@hotmail.com

Skype: pghtechguy on Skype

 

How to Backup your computer online for free
« Complete review of all your online backup options | Main | Google Glass available to the general public for one day only...April 15th »
Thursday
Apr102014

Lastpass lets you check your Heartbleed vulnerability

DateThursday, April 10, 2014 at 10:47PM

LastPass has released a new tool to show you which of your supposedly secure online accounts are at risk of being compromised, as the Heartbleed fallout continues with numerous major sites admitting to being hit by the devastating bug.

Heartbleed is the recently disclosed programming flaw in OpenSSL that would allow attackers to read the contents of a server's memory, exposing critical information such as SSL site keys, usernames and passwords, and user data.

LastPass shows your bleeding hearts

heartbleed security check 1 LastPass.com

LastPass now runs a security check to show accounts for sites affected by Heartbleed. (Click to enlarge.)

Not content with letting users check Heartbleed-affected sites one by one with its individual site-checking tool, the LastPass password manager now has an automated solution for its users. If you're using LastPass in your browser, just tap on the LastPass icon and go to Tools > Security Check.

This will redirect you to the LastPass website, where the service will scan your password vault and come up with a list of sites affected by Heartbleed. The list will also tell you how old your password is, when the site last updated its security certificates, and whether you should change your password.

That last point is crucially important, because there's no sense in changing your password on an affected site until it has been patched, as explained in PCWorld's guide to staying protected from Heartbleed

I'm a longtime LastPass user. When I ran the security check against my own vault, it showed a number of accounts that needed to have their password changed. While helpful, the LastPass tool wasn't perfect, however. It advised me to wait before changing my Tumblr password, for example, even though Tumblr publicly advised users to change their passwords before the new LastPass security check was publicly available.

Nevertheless, as a quick way to head off potential problems, the LastPass integrated tool is a great place to start a Heartbleed self-audit.

Heartbleed highlights

A number of major sites have recently admitted they were affected by Heartbleed and issued fixes for their services, including:

AuthorThom McClain | CommentPost a Comment |

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.

Notify me of follow-up comments via email.