Posted by amy on 10 April 2014 07:01 PM
The announcements are starting to trickle out from the bigger players in the industry as to who is patched and who doesn’t use OpenSSL. I came across a nice visual list of some of the biggies.
There are other lists of tens of thousands of websites but I find it a bit overwhelming. We’ve created a client facing document for you and it’s in the knoweldgebase at ThirdTier/Helpdesk/Knowledgebase in the SMBKitchen ASP project. It’s free for everyone through the end of this month.
What you really need to know is that 66% of the Internet uses OpenSSL. The list includes GoDaddy which is the biggest provider of SSL certificates, which means you probably can’t trust your certificate and will need to rekey it. GoDaddy recommends it. Further you need to change your passwords on effected websites and anywhere else that you use that same password but (and here’s the tricky part) you need to not do it until you’ve verified that they are patched.
https://lastpass.com/heartbleed/ is a website checker. Add: portnumber to the end of the URL to check alternative ports other than 443.
Here is what we would say at SMBKitchen ASP:
Are you not a member of SMBKitchen ASP? Join up. It’s free through the end of the month. http://www.thirdtier.net/smbkitchen-asp/ Our goal is to help IT firms be more aware, be better consultants and survive in the new era.