May 19, 2014
Is the Internet safer since the discovery of Heartbleed? To an extent.
Many websites responded promptly to the bug by patching OpenSSL, replacing their SSL certificates and revoking the old certificates. However, 7% of these sites made a mistake: they reissued certificates without changing the private key that may have been leaked via Heartbleed.
It is critical to keep the private keys of certificates secret. If an attacker steals the private key, he can impersonate the secure website, decrypt sensitive information, or perform a man-in-the-middle attack. A site that was affected by Heartbleed and reuses the same private key still faces exactly the same risks as sites that have not yet replaced their SSL certificates.
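A reissued certificate over an unchanged key pair can be spotted by comparing the public-key fingerprints of the old and new certificates. The script below is an added example, not part of the original post; the function names are hypothetical, it assumes the `openssl` command-line tool is installed, and the demo certificates are throwaway self-signed ones for `example.test` rather than CA-issued.

```shell
#!/bin/sh
# Added example: detect a certificate reissued over the same key pair.
# Function names are hypothetical; requires the openssl CLI.

# Print the SHA-256 fingerprint of the public key (SPKI) inside a PEM cert.
spki_fp() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit 0: same key in both certs (reissue did not rotate the key).
# Exit 1: keys differ. Exit 2: a certificate could not be parsed.
key_reused() {
    old_fp=$(spki_fp "$1") || return 2
    new_fp=$(spki_fp "$2") || return 2
    [ "$old_fp" = "$new_fp" ]
}

# Constructed sample input: throwaway self-signed certs for example.test.
make_demo_certs() {
    dir=$1
    openssl genrsa -out "$dir/old.key" 2048 2>/dev/null
    openssl genrsa -out "$dir/new.key" 2048 2>/dev/null
    for pair in old:old same_key:old new_key:new; do
        openssl req -x509 -new -key "$dir/${pair#*:}.key" \
            -subj "/CN=example.test" -days 1 \
            -out "$dir/${pair%%:*}.pem" 2>/dev/null
    done
}

# Run "sh script.sh demo" to see both outcomes on the constructed certs.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    make_demo_certs "$tmp"
    for cand in same_key new_key; do
        rc=0
        key_reused "$tmp/old.pem" "$tmp/$cand.pem" || rc=$?
        case $rc in
            0) echo "$cand.pem: SAME key as old.pem, key was not rotated" ;;
            1) echo "$cand.pem: new key" ;;
            *) echo "$cand.pem: could not parse certificate" ;;
        esac
    done
    rm -rf "$tmp"
fi
```

The comparison is on the public key only, so it works for any pair of certificates regardless of issuer, serial number or validity dates.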
So, it is STILL VERY IMPORTANT to check whether sites remain affected by Heartbleed before visiting them. You can check these sites by using several online tools, including: