Trend Micro offers free Heartbleed scanners
Tools cover PC, mobile Internet users to check websites, Android apps for vulnerabilities
Trend Micro Incorporated today announced the release of two free Heartbleed scanners for computers and mobile devices designed to verify whether end-point devices are communicating with servers that have been compromised by the Heartbleed bug.
Heartbleed describes a flaw in the open-source version of Secure Sockets Layer (OpenSSL) that allows malicious parties to fool host servers into parting with RAM content that has nothing to do with the active session. Concerns have arisen that such content could be anything recently used by the server in other secure sessions, including security credentials and private information.
Trend Micro's solutions are Heartbleed Detector, a Chrome browser plug-in available for download in the Chrome Web Store; and an Android mobile app, from Google Play.
Available for Mac and Windows-based computer users, the Trend Micro Heartbleed Detector is a multi-platform plug-in for Chrome that enables users to check for vulnerable URLs and installs with a single click.
Trend Micro researchers have also discovered that mobile apps are just as vulnerable to the Heartbleed bug as websites are. In an effort to mitigate this threat, Trend Micro has developed the Heartbleed Detector to check apps on a user's device and the servers they communicate with, to determine if installed apps are vulnerable to the OpenSSL bug. If vulnerable apps are, the detector then prompts the user with the option to uninstall the app
"Trend Micro has responded to the Heartbleed threat by offering tools to all Internet users as a solution to protect their personal data," said Raimund Genes, chief technology officer, Trend Micro.
"With in-app purchases and financial transactions on mobile devices becoming the norm, Trend Micro felt it was vital to offer users a solution designed to enable them to continue operating their devices without worry. Heartbleed is a problem that may never entirely go away, but we are committed to providing and updating our solutions to best protect the data of our customers, and provide essential security on each device they use."