There’s been a tremendous amount of activity over the past few weeks in response to the Heartbleed bug discovered in OpenSSL, an open source tool used by thousands of web sites to encrypt web traffic. The bug enables an attacker to obtain a random 64K chunk of memory which could contain sensitive information, such as a user ID or password. The result has been a mad scramble to fix the vulnerability by the many web site owners and security software vendors who rely on OpenSSL.
Earlier this week McAfee posted an online SSL testing tool that you can use to verify whether a site you’re accessing contains the vulnerability or not. Today, McAfee is also offering a free tool to McAfee Web Gateway customers which can automatically check sites that their users visit for the vulnerability and either warn the user or block their access until it has been remediated. The tool relies on a service which McAfee is hosting to check for the presence of the bug, but you can also configure your own Heartbleed checking service so you won’t be dependent on McAfee’s service. Note that this is not a supported feature of McAfee Web Gateway and is offered as-is with no warranty.
For more information on how to configure your McAfee Web Gateway system to protect your users against vulnerable sites, visit this page on the McAfee Community site.