Assessing the Damage From Heartbleed
The Internet didn't stay broken-hearted from the Heartbleed bug for long.
Heartbleed, which even has its own logo, helped raise awareness about online security, and as a result, it appears many sites have now patched security flaws and prompted users to change their passwords.
The bug exploits a flaw in Open SSL software that leaves private information, such as passwords and credit card information, up for grabs on sites that aren't protected.
Sucuri Security of Menifee, Calif., did an analysis of websites ranked by Internet traffic company Alexa last week and found that the top-ranked 1,000 websites were all patched.
Of the top 1 million websites, Sucuri found that 20,320 - 2 percent - were still vulnerable, according to the company's blog.
San Diego-based security firm Websense reported similar findings and said that in a scan of 50,000 top-ranked websites, at least 800 were still vulnerable to Heartbleed.
Mark McCurley, senior information security adviser at Identity Theft 911, said Lastpass.com/heartbleed can help you check to see if a site is vulnerable. You can also ask the company or website if they have fixed potential flaws, then update to a strong password, using numbers, upper case, lower case and symbols, McCurley said.