Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
C J Silverio
April 15, 2014
Technology
0
110
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
Tweet
Share
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
300
Keeping JavaScript safe
ceejbot
3
470
ceej's how to solve it
ceejbot
6
770
work-life balance at npm
ceejbot
5
790
hash functions and you!
ceejbot
2
360
The accidental noder
ceejbot
2
160
Design Patterns & Modularity in the npm Registry
ceejbot
3
200
Monitoring on a budget
ceejbot
2
300
Other Decks in Technology
See All in Technology
仕様書駆動AI開発の実践: Issue→Skill→PRテンプレで 再現性を作る
knishioka
2
620
Bill One急成長の舞台裏 開発組織が直面した失敗と教訓
sansantech
PRO
2
340
SREじゃなかった僕らがenablingを通じて「SRE実践者」になるまでのリアル / SRE Kaigi 2026
aeonpeople
6
2.2k
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
42k
OWASP Top 10:2025 リリースと 少しの日本語化にまつわる裏話
okdt
PRO
3
590
セキュリティについて学ぶ会 / 2026 01 25 Takamatsu WordPress Meetup
rocketmartue
1
300
Codex 5.3 と Opus 4.6 にコーポレートサイトを作らせてみた / Codex 5.3 vs Opus 4.6
ama_ch
0
120
超初心者からでも大丈夫!オープンソース半導体の楽しみ方〜今こそ!オレオレチップをつくろう〜
keropiyo
0
110
生成AIを活用した音声文字起こしシステムの2つの構築パターンについて
miu_crescent
PRO
2
170
GitHub Issue Templates + Coding Agentで簡単みんなでIaC/Easy IaC for Everyone with GitHub Issue Templates + Coding Agent
aeonpeople
1
200
顧客との商談議事録をみんなで読んで顧客解像度を上げよう
shibayu36
0
210
ファインディの横断SREがTakumi byGMOと取り組む、セキュリティと開発スピードの両立
rvirus0817
1
1.3k
Featured
See All Featured
How to train your dragon (web standard)
notwaldorf
97
6.5k
The B2B funnel & how to create a winning content strategy
katarinadahlin
PRO
0
270
Unlocking the hidden potential of vector embeddings in international SEO
frankvandijk
0
170
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
930
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
38
2.7k
エンジニアに許された特別な時間の終わり
watany
106
230k
Navigating the moral maze — ethical principles for Al-driven product design
skipperchong
2
240
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.3k
GraphQLとの向き合い方2022年版
quramy
50
14k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.8k
Navigating Algorithm Shifts & AI Overviews - #SMXNext
aleyda
0
1.1k
What's in a price? How to price your products and services
michaelherold
247
13k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
knishioka
sansantech
aeonpeople
safie_recruit
okdt
rocketmartue
ama_ch
keropiyo
miu_crescent
shibayu36
rvirus0817
notwaldorf
katarinadahlin
frankvandijk
tamaranovitovic
eileencodes
watany
skipperchong
tammyeverts
quramy
bluesmoon
aleyda
michaelherold
