1Password Watchtower

www.paypal.com (

HTTPS

)

Status

Recommended Action

Important References

Check Another Website

How do we determine website status?

The 1Password Watchtower service performs a number of tests on a domain and its certificate to determine its Heartbleed status. Even with all of the tests that we run, there are some uncertainties that prevent perfect categorization.

We can reliably tell which sites are currently vulnerable and which sites are not. We can also tell the validity date of a certificate, but some newly reissued certificates may have old dates. Where uncertainty exists, we run other tests, but they only offer hints at which status we should assign.

The biggest uncertainty is that we have no reliable way to distinguish between sites waiting for new certificates and sites which were never vulnerable. By default, both such sites will be shown as needing new certificates.

Restrictions

The status shown was for the exact domain www.paypal.com and does not test any other domains (top-level or subdomains). This test was limited to 443 and did not test other ports.

Special Thanks

We'd like to give a special thanks to http://heartbleed.com for an excellent description of the Heartbleed exploit, and http://heartbleedheader.com for giving websites a pragmatic way to classify their website status.

We'd also like to thank the security community in general for sharing their knowledge and responsiveness to the Heartbleed exploit.

Administrators

If you're the administrator for www.paypal.com, and the information above is not correct, the most comprehensive way to identity your site's Heartbleed's status is using http://heartbleedheader.com. If your site continue to be reported incorrectly, please let us know.