Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
C J Silverio
April 15, 2014
Technology
130
0
Share
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
310
Keeping JavaScript safe
ceejbot
3
490
ceej's how to solve it
ceejbot
6
780
work-life balance at npm
ceejbot
5
800
hash functions and you!
ceejbot
2
380
The accidental noder
ceejbot
2
180
Design Patterns & Modularity in the npm Registry
ceejbot
3
210
Monitoring on a budget
ceejbot
2
310
Other Decks in Technology
See All in Technology
ポケモンの型をTypeScriptの型システムで表現してみた
subroh0508
0
160
AIガバナンス実践 - 生成AIコネクタのデータ漏洩リスクと実務対策
knishioka
0
170
最低限これだけ押さえれ大丈夫_Claude Enterprise/Team企業展開ガバナンス入門
tkikuchi
1
720
AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development with AI-DLC
yoshidashingo
0
110
Sony_KMP_Journey_KotlinConf2026
sony
2
210
Java正規表現エンジン(NFA)の仕組みと パフォーマンスを維持するための最適化手法
takeuchi_132917
0
180
価格.comをAI駆動で全面刷新する ー 30年分の技術的負債を返し、次の30年の土台をつくる ー / AI Engineering Summit Tokyo 2026
tkyowa
38
40k
形式手法特論:公平性制約の位相的特徴づけ #kernelvm / Kernel VM Study Kansai 12th
ytaka23
1
710
Javaで学ぶSOLID原則
negima
1
270
実装は速くなった、レビューはどうする? ― 自身のレビューをAIで再現させるサーヴァントエンジニアリングのすゝめ / Implementation got faster. So what about reviews? — An invitation to Servant Engineering: Recreating your own code reviews with AI
nrslib
6
3.1k
Platform engineering for developers, architects & the rest of us (AI agents)
danielbryantuk
0
180
Claude Codeを組織で使いこなす— サーバサイドAIエージェント運用の実践知
techtekt
PRO
0
190
Featured
See All Featured
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.9k
Google's AI Overviews - The New Search
badams
0
1k
Are puppies a ranking factor?
jonoalderson
1
3.5k
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
160
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
tomoyanonymous
2
840
Building a Modern Day E-commerce SEO Strategy
aleyda
45
9.1k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
360
The AI Search Optimization Roadmap by Aleyda Solis
aleyda
1
5.9k
WENDY [Excerpt]
tessaabrams
11
38k
Leading Effective Engineering Teams in the AI Era
addyosmani
9
2k
Technical Leadership for Architectural Decision Making
baasie
3
390
Unlocking the hidden potential of vector embeddings in international SEO
frankvandijk
0
830
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
subroh0508
knishioka
tkikuchi
yoshidashingo
sony
takeuchi_132917
tkyowa
ytaka23
negima
nrslib
danielbryantuk
techtekt
honnibal
badams
jonoalderson
kimpetersen
tomoyanonymous
aleyda
akashhashmi
tessaabrams
addyosmani
baasie
frankvandijk
