Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
C J Silverio
April 15, 2014
Technology
120
0
Share
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
310
Keeping JavaScript safe
ceejbot
3
480
ceej's how to solve it
ceejbot
6
780
work-life balance at npm
ceejbot
5
800
hash functions and you!
ceejbot
2
370
The accidental noder
ceejbot
2
170
Design Patterns & Modularity in the npm Registry
ceejbot
3
200
Monitoring on a budget
ceejbot
2
300
Other Decks in Technology
See All in Technology
AI와 협업하는 조직으로의 여정
arawn
0
510
ハーネスエンジニアリングをやりすぎた話 ~そのハーネスは解体された~
gotalab555
5
1.8k
Practical TypeProf: Lessons from Analyzing Optcarrot
mame
0
1k
データ定義の混乱と戦う 〜 管理会計と財務会計 〜
wonohe
0
140
[OAWTT26][THR1028] Oracle AI Database 26ai へのアップグレード:ベストプラクティスと最新情報
oracle4engineer
PRO
1
110
Hacobu Tech Deck
hacobu
PRO
0
120
Good Enough Types: Heuristic Type Inference for Ruby
riseshia
1
300
ネットワーク運用を楽にするAWS DevOps Agent活用法!! / 20260421 Masaki Okuda
shift_evolve
PRO
2
220
AIが書いたコードを信じられない問題 〜レビュー負荷を下げるために変えたこと〜 / The AI Code Trust Gap: Reducing the Review Burden
bitkey
PRO
8
1.4k
Keeping Ruby Running on Cygwin
fd0
0
180
レビューしきれない?それは「全て人力でのレビュー」だからではないでしょうか
amixedcolor
0
350
生成AIが変える SaaS の競争原理と弁護士ドットコムのプロダクト戦略
bengo4com
1
2.2k
Featured
See All Featured
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.2k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
250
1.3M
30 Presentation Tips
portentint
PRO
1
280
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
380
It's Worth the Effort
3n
188
29k
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
1
490
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.5k
Mind Mapping
helmedeiros
PRO
1
160
Docker and Python
trallard
47
3.8k
Become a Pro
speakerdeck
PRO
31
5.9k
Marketing Yourself as an Engineer | Alaka | Gurzu
gurzu
0
180
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
arawn
gotalab555
mame
wonohe
oracle4engineer
hacobu
riseshia
shift_evolve
bitkey
fd0
amixedcolor
bengo4com
ivargrimstad
sugarenia
portentint
reverentgeek
3n
honzajavorek
signer
helmedeiros
trallard
speakerdeck
gurzu
aarron
