Heart bleed bug test: Check list of computer virus affected websites, do's and don'ts of changing your passwords

Codenomicon

Facebook, Twitter, Tumblr, and other top websites are scrambling to reassure users that their pages are now safe from the Heartbleed bug.

As news of the OpenSSL software flaw spread across the nation, many users simply changed their account passwords. Then came the message that password changes on unsecure sites are fruitless, and panic set in.  

While many top sites implemented the Fix OpenSSL software early on and informed users of the renewed safety, thousands of sites have either not implemented a fix, or have not communicated their website's status to accountholders.

The Daily Mail created a list detailing who was affected, whether the problem has been fixed, and whether a password change is recommended.

Affected major sites include Facebook, Instagram, Tumblr, Google search, Gmail, Yahoo and Yahoo Mail, Netflix, YouTube, Amazon web services, Dropbox, and LastPass.

Some websites, such as http://filippo.io/Heartbleed/, allow visitors to search a domain name to see if the website is still compromised.

Mobile protection app Lookout checks to see if users are running a compromised version of Android-- reminding consumers that mobile devices are affected by the Heartbleed bug as well.

Nicknamed "Heartbleed," the "bug" is actually a weakness in OpenSSL's cryptographic software that makes SSL/TLS encryption backfire on computer users. The "https" protocol that is supposed to identify a secure website is actually a signal to hackers that the site is vulnerable to cyber attack. The hackers can then trick a computer's server into sending data stored in its memory.

Google security researcher Neel Mehta was the first to discover Heartbleed, and the weakness was confirmed by internet security firm Codenomicon. Alarmingly, researchers found that the Heartbleed flaw has been in OpenSSL for two years. It is unknown if attacks have been carried out, because exploiting the software loophole leaves no trace.

To end Heartbleed's hold on the server, vendors and service providers must adopt the Fixed OpenSSL, which was released Monday.

"Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users," Codenomicon instructs. "Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use."