If you haven’t already heard there is currently a security vulnerability with openSSL, it’s been nicknamed heartbleed. The vulnerability potentially allows hackers to “…read the memory of the systems protected by the vulnerable versions of the OpenSSL software”. In simple terms hackers can access data that is usually encrypted by openSSL.
You can see if a specific site is at risk of being exploited by the Heartbleed vulnerability by using an SSL test that checks automatically for the vulnerability. My favorite can be found here. We suggest testing all of the sites you have personal information on, if one of these sites fails the test then contact customer service to find out why they haven’t patched up this vulnerability.
Tests Of Popular Sites
It’s good to see Credit Karma pass this test with flying colors, they’ve recently been in the news because of lax security on their mobile application. They even went as far to make a dedicated blog post on this issue to let their customers know that they’ve fixed the vulnerability.
For some reason the test wasn’t able to complete for Credit Sesame. We’ve sent them an e-mail to find out why this might be the case and if they have patched the site for Heart Bleed. We will update if they respond.
Quizzle passed with flying colors and have already patched the site for the heart bleed vulnerability.
Another A pass grade for Chase. It’s good to see that this behemoth of a bank has patched the security vulnerability.
It looks like almost all financial institutions or places that have access to sensitive consumer data have patched their openSSL (or weren’t using it in the first place) and as such data can no longer be accessed through the heartbleed vulnerability.
How’d the financial institutions you use do? Have any of them failed to patch the vulnerability? Let us know in the comments.