Heartbleed affected websites – What you need to know about the OpenSSL vulnerability

Micro Doctor has been hard at work evaluating the effects of Heartbleed Vulnerability and whether or not we have any potential concerns for your systems. First we looked at our internal and external servers. Luckily our main security vendor, Sonicwall, protects us against any Heartbleed exploits. None of the Sonicwall firewalls have any vulnerability to Heartbleed and its Intrusion Protection Service is blocking attempts to exploit the OpenSSL vulnerability.

We were not using OpenSSL for any of our websites that we host here. OpenSSL is more widely used on Apache/Linux web servers that means our Microsoft IIS servers are using Schannel and they are NOT vulnerable to Heartbleed. Here is the ever-growing list of Websites that were affected and whether or not they are safe now and whether or not you should change your password.  

Site                                             Patched            Change password            Notes:

Facebook.com                

Instagram.com               

Twitter.com                    

Tumblr.com                    

Pinterest.com                 

Linkedin.com                  

Smartermail                    

AOL.com                         

Gmail.com                      

Hotmail.com                   

Yahoo.com            

Apple.com                      

Amazon                           

Google                             

Microsoft.com       

Ebay.com                         

Netflix.com                     

Dropbox.com                 

Lastpass.com                  

Flickr.com     

Logmein.com                 

Pandora.com                  

Yes

Yes

Yes

Yes

Yes

No

No

No

Yes

No

Yes

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

No

Yes

Yes

No

Yes

Yes

No

No

NO

Yes

No

Yes

No

No

Yes

No

No

Yes

Yes

Yes

Yes

Yes

No

Not sure it was ever affected

It was infected change password

Twitter claims no breaches

Not sure it was ever affected

Not sure it was ever affected

No use of OpenSSL

No use of OpenSSL

No use of OpenSSL

Google says we are safe

No use of OpenSSL

This is a BIG one – change the password

Why does Apple get a free pass on attacks

Conflicting answer here – Change it anyway

Google says we are safe

No use of OpenSSL

No use of OpenSSL

Change the password

This one scares me

Crazy one here

Pictures OK change it anyhow

Change Logmein and Windows passwords

No use of OpenSSL

List of sites not vulnerable to OpenSSL Heartbleed vulnerability: Comcast.net, Ikea.com, Ups.com, Reuters.com, Walmart.com, Zillow.com, Skype.com, Salesforce.com, AVG.com, Weather.com, ESPN.com, Craigslist.org, Paypal.com. We have no reports of vulnerabilities at any Banking or Credit Card websites.

Cloud Providers affected are: Google, Amazon, Rackspace and CenturyLink.

So what is Micro Doctor doing to protect its MD-Care managed service clients? We have identified 40 potentially vulnerable Logmein Installations and we are remotely patching Logmein at those locations via our powerful scripting tool. We have complete internal security checks and although we do not use OpenSSL, we are patching other servers that are missing some Microsoft patches.

What do you need to do? If you use some of the websites listed in the vulnerability list then login and change your password. Ifyou have a personal account at Logmein.com you should be verifying machines have the updated version of LogMeIn Pro  Windows 4.1.0.4144 or above.

Micro Doctor is you one stop shop for all IT related services, including security, managed proactive patching and IT Projects. With 25 years of experience you won’t find a more technically stable IT company in the area.

Written by: Mark Richmond, President of Micro Doctor Inc. reach us at https://microdoctor.com or 330-898-2100

Leave a Comment

Scroll to Top