Hi snadge,
Checking on other sites than your own or without written explicit permission/demand of the site-owner
could theoretically land you in jail under the terms of present US and UK law,
read:
http://news.yahoo.com/trying-protect-yourself-heartbleed-could-land-jail-150922215.htmlIt sometimes is putting ethical pentesters and security researchers in rather difficult position.
What comes allowed as normal benevolent malware scanning and what is considered "rattling doors and windows" is not all that clear.
Even spreading info from what such "rattling" delivered in the forms of insecurities,
could be considered illegal under present day regulations.
A heartbleed vulnerability check could be just balancing on the border of what is allowed and what is not,
same with a dns check, a ssl health check etc. etc..
A dazzlepod IP check is frowned upon as the results cannot be brought up against a particular site (without prior written permission).
So who keeps bug information from us to secretly abuse exploits for several years goes scot-free under the present system,
while he who wants to check his private security might find himself in some legal predicament,
when this scanning is being brought up against him. Academically that is a very frustrating reality for security forces
polonus