Si crees que este complemento viola las políticas de complementos de Mozilla o tiene problemas de seguridad o privacidad, por favor informa a Mozilla utilizando este formulario.
Por favor, no utilices este formulario para informar de fallos en el complemento o solicitar nuevas funcionalidades; este informe se enviará a Mozilla y no al desarrollador del complemento.
For a couple of weeks now I've been checking the headers with HttpFox (https://addons.mozilla.org/firefox/addon/6647) and noticed the message "HTTP/1.1 503 Service Unavailable: Back-end server is at capacity" after visiting any site and requesting Heartbleed vulnerability status (via https://heartbleed.prod.mozaws.net/bleed/SITENAME).
Use this tool at your own risk: if the servers checking Heartbleed status are swamped and the tool can't warn you, it's as good as not checking. Thankfully, most sites have patched the Heartbleed bug.
After all the hub hub about heartbleed I was looking for something like this and found it was free! It does work i think. Although after reading the earlier posts I realized nothing is free and deleted.
Works as advertised. It needs some online checks against a public server, but that's it.
If you don't trust the author, you can check the code and run your own server too, so...
Kudos to the developer, thanks.
Tested and it works great. Thank you Sibi for clarifying the operation of the plugin. Sniffed the traffic and confirmed what you are saying. Whois is not a security or data mining threat.
For those who are whining over data tracking and 'sending URLs', the new version uses a secure mozilla server (heartbleed.prod.mozaws.net) to check for status. (http://whois.domaintools.com/mozaws.net). And it doesn't send URLs, rather the domain names.
When Heartbleed news broke out, a lot of good-willed people wrote tools to warn people (notably Filippo's checker). Most of the add-ons relied on his server to check the status. Both the checker and this add-on are publicly licensed and you can view and modify the code . All these were from the people who didn't belong to any tracking corporation or had any private interest, and they have done a favor by writing up tools/add-ons in a short time. For those who are still not convinced, they can launch the checker on their host (https://github.com/FiloSottile/Heartbleed) and point the add-on to that.
So, thank you, Kris.
It sounded like a good add-on. Unfortunately firefox doesn't create all the add-ons & extensions. Thank you everyone who posted!
A simple question, but "HELP" doesn't have an answer. How do I remove Heartbleed Notifier? How about it Kris?
When you build an add-on, there should be a delete button.
I guess everyone will have to start writing their own operating system and applications and not use any software from anyone else anymore. You can't trust anyone. Everyone wants your info.
I can't go into a store and buy a pack of chewing gum without someone wanting my Social Security number.
I had Heartbleed Notifier installed for a couple of hours. I should have read these reviews first. It's gone now though. I deleted MaskMe earlier when it was grabbing my passwords and storing them on some server God only knows where. Needless to say it is history as well. I had to change all my passwords too.
I have to agree with Michal Ambroz, this is potentially harmful and the addons
that are submitted by users on this service should be checked for malicious content.
I had installed it until I had read about the submission from Michal Ambroz.
I have uninstalled immediately!
There needs to be a better way to detect this and why haven't these orginsations already updated to the newest version of OpenSSL 1.0.1g?
In theory it's a good idea, but in practice, I don't like the idea of my information going to some cloud service I have no affiliation with.
The extension uses Filippo Valsorda's Heartbleed checker URL which seems to be common to most of the extensions of this type. But as the previous reviewer noted, it is unclear as to how confidential your browsing is if you install this addon.
To the developer, good idea but the notifications are too subtle.. the tiny icon is easy to miss. There should be some options for other ways of being notified such as a popup, overlay, or audible warning perhaps?
I consider this extension potencially harfull to your data and confidentiality of your credentials.
This extension is sending your URLs to some machine in Amazon cloud.
It is not clear what is happening with the data then.
It can be potencially used to harvest your data straight after you log-in to vulnerable site after you have been told the site is clean.
This is only about the trust - how much you believe the one who is running the no-name machine in the cloud.
It does not send URLs. It sends hostnames, which in general can not be used to harvest data other than what hostnames a particular public IP has visited. If it bothers you, feel free to uninstall it.