Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
security vulnerability disclosed April 7
2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
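The Alice and Bob exchange above as a simplified model in C (an added example, not from the original deck and not OpenSSL's code). The `server` struct, the function names and the sample data are constructed for illustration; the 18-byte claim stands in for the 64K on the slide.

```c
#include <stdio.h>
#include <string.h>
#define MEM_SIZE 64

/* Constructed stand-in for Bob's memory: the payload Alice really sent sits
 * at offset 0 and unrelated data follows it directly. */
struct server {
    unsigned char mem[MEM_SIZE];
    size_t received;                 /* payload bytes that actually arrived */
};

/* Store the payload and, right after it, some neighbouring data. */
int server_receive(struct server *s, const char *payload, const char *neighbour)
{
    size_t p = strlen(payload), n = strlen(neighbour);
    if (p + n > MEM_SIZE) return -1;
    memset(s->mem, 0, MEM_SIZE);
    memcpy(s->mem, payload, p);
    memcpy(s->mem + p, neighbour, n);
    s->received = p;
    return 0;
}

/* "Bob trusts her": the reply length is whatever the sender claimed. */
size_t pong_trusting(const struct server *s, size_t claimed, unsigned char *out)
{
    if (claimed > MEM_SIZE) claimed = MEM_SIZE;  /* keeps the simulation in bounds */
    memcpy(out, s->mem, claimed);
    return claimed;
}

/* Checked: a claim longer than what arrived is dropped with no reply. */
size_t pong_checked(const struct server *s, size_t claimed, unsigned char *out)
{
    if (claimed > s->received) return 0;
    memcpy(out, s->mem, claimed);
    return claimed;
}

int main(void)
{
    struct server bob;
    unsigned char out[MEM_SIZE];
    server_receive(&bob, "ping", "SESSION-COOKIE");   /* constructed sample data */
    size_t n = pong_trusting(&bob, 18, out);          /* Alice sent 4, claims 18 */
    printf("trusting: %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    printf("checked:  %zu bytes\n", pong_checked(&bob, 18, out));
    return 0;
}
```

The only difference between the two handlers is one comparison of the claimed length against the number of bytes that actually arrived.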
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet for two years.
How did this happen?
Rogue agency: the NSA?
incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords, delete cookies, 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords