Update: HP has issued a notice to customers alerting them that scanning some versions of HP iLO (Integrated Lights-Out) will result in a DoS (Denial of Service) condition requiring physical power to be removed from the system in order to resolve it. It is a good idea to always run a scan against a limited test environment before unleashing a mass scan on your entire live network. In the wake of the Heartbleed vulnerability revelation, many security vendors raced to provide tools to help businesses and individuals test for the flaw on their own systems. Unfortunately, many of those tools used flawed logic, or delivered inaccurate results—either causing undue alarm, or providing an unwarranted sense of security. CrowdStrike has developed a new free Heartbleed Scanner tool that delivers more comprehensive information to help you understand which systems or applications are at risk.Netskope has been tracking the status of popular enterprise cloud apps, and the most recent weekly update claims that 35 of them have yet to patch for Heartbleed. The problem with Heartbleed is that OpenSSL is so widely used that it’s a challenge to even determine just how many servers, applications, devices, or other technologies are vulnerable.The CrowdStrike Heartbleed Scanner tool provides more comprehensive information.In a blog post announcing the new CrowdStrike Heartbleed Scanner, CrowdStrike co-founder and CTO Dmitri Alperovitch explains that most of the tools that have been released may be fine for determining if your public website is vulnerable, but there was a need for a tool that can scan internal networks, and other non-HTTPS services for indications of the Heartbleed vulnerability. CrowdStrike developed a tool to fill that void. Most security experts agree that Heartbleed is a very serious issue. In fact, many have told me that this is possibly the most critical vulnerability they’ve encountered in the last five or ten years, or possibly even in their entire career. Some of the hype and hysteria around Heartbleed has been misleading, but the stark, simple reality is that it’s a big deal, and organizations need to be able to identify vulnerable devices and technologies so they can take steps to patch or remediate.The CrowdStrike Heartbleed Scanner can scan Intranet SSL websites, OpenSSL VPNs, secure FTP servers, databases, secure SMTP / POP/ IMAP email servers, routers—even printers and smartphones. The CrowdStrike tool doesn’t just show a list of vulnerable servers or devices. It also outputs the contents of the 64kb of memory that are returned by exploiting Heartbleed so you can see what impact the flaw could have on your network and services. You can download the CrowdStrike Heartbleed Scanner for free here. Related content news VTech hack exposes personal information of millions of customers By Tony Bradley Nov 30, 2015 3 mins Data Breach Cyberattacks Internet Security news An encryption back door won’t actually help intelligence agencies By Tony Bradley Nov 24, 2015 4 mins Internet Security Data and Information Security news Damballa warns that the enemy may already be in your network By Tony Bradley Nov 23, 2015 3 mins Data Breach Cyberattacks Internet Security news Vera partnership gives Dropbox comprehensive data security By Tony Bradley Nov 05, 2015 3 mins Dropbox Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe