Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Heartbleed: why you should care

C J Silverio
April 15, 2014
Technology
0
98

Heartbleed: why you should care

A discussion of the Heartbleed bug for a non-programming but computer-using audience.

C J Silverio

April 15, 2014
Tweet

More Decks by C J Silverio

See All by C J Silverio
The economics of package management
ceejbot
4
1.5k
The future of (javascript) modules (in node)
ceejbot
1
270
Keeping JavaScript safe
ceejbot
3
400
ceej's how to solve it
ceejbot
6
760
work-life balance at npm
ceejbot
5
780
hash functions and you!
ceejbot
2
340
The accidental noder
ceejbot
2
140
Design Patterns & Modularity in the npm Registry
ceejbot
3
180
Monitoring on a budget
ceejbot
2
280

Other Decks in Technology

See All in Technology
カメラを用いた店内計測におけるオプトインの仕組みの実現 / ai-optin-camera
cyberagentdevelopers
PRO
1
120
visionOSでの空間表現実装とImmersive Video表示について / ai-immersive-visionos
cyberagentdevelopers
PRO
1
110
Shift-from-React-to-Vue
calm1205
3
1.3k
【技術書典17】OpenFOAM(自宅で極める流体解析)2次元円柱まわりの流れ
kamakiri1225
0
210
[AWS JAPAN 生成AIハッカソン] Dialog の紹介
yoshimi0227
0
150
チームを主語にしてみる / Making "Team" the Subject
ar_tama
4
310
Gradle: The Build System That Loves To Hate You
aurimas
2
140
Jr. Championsになって、強く連携しながらAWSをもっと使いたい!~AWSに対する期待と行動~
amixedcolor
0
190
【若手エンジニア応援LT会】AWS Security Hubの活用に苦労した話
kazushi_ohata
0
160
大規模データ基盤チームのオンプレTiDB運用への挑戦 / dpu-tidb
cyberagentdevelopers
PRO
1
110
オーティファイ会社紹介資料 / Autify Company Deck
autifyhq
9
120k
Vueで Webコンポーネントを作って Reactで使う / 20241030-cloudsign-vuefes_after_night
bengo4com
4
2.5k

Featured

See All Featured
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
7.9k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
Designing for Performance
lara
604
68k
Six Lessons from altMBA
skipperchong
26
3.5k
Practical Orchestrator
shlominoach
186
10k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
4 Signs Your Business is Dying
shpigford
180
21k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
355
29k

Transcript

  1. Heartbleed why you should care

  2. C J Silverio devops at npm @ceejbot

  3. what's heartbleed?

  4. security vulnerability disclosed April 7 2/3rds of all secure servers

  5. OpenSSL the secure 's' in https://

  6. heartbeat a pulse from a client to a server &

    back

  7. Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob

  8. Alice lies: “pong is 64K letters.”

  9. Bob trusts her. He sends Alice too much data.

  10. that data is the bleed in heartbleed

  11. what leaked?

  12. Everything. » your passwords » your cookies » server's passwords

    » server's identifying certificates

  13. Everything leaked. From 2/3rds of the servers on the internet.

  14. How long did this leak exist?

  15. Two years.

  16. Everything leaked from 2/3rds of the servers on the internet

    for two years.
  17. None

  18. How did this happen?

  19. Rogue agency: the NSA? incompetence?

  20. now what?

  21. change your passwords

  22. change your passwords for everything

  23. yes, everything

  24. Use a password manager 1Password https://getvau.lt

  25. Toss your cookies

  26. Turn on 2-factor auth

  27. Recap

  28. Heartbleed is as bad as it gets.

  29. change passwords delete cookies 2-factor auth

  30. donate to important open-source projects

  31. Buy your operations staff a drink

  32. change your passwords