Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Heartbleed: why you should care

C J Silverio
April 15, 2014
Technology
0
99

Heartbleed: why you should care

A discussion of the Heartbleed bug for a non-programming but computer-using audience.

C J Silverio

April 15, 2014
Tweet

More Decks by C J Silverio

See All by C J Silverio
The economics of package management
ceejbot
4
1.5k
The future of (javascript) modules (in node)
ceejbot
1
280
Keeping JavaScript safe
ceejbot
3
420
ceej's how to solve it
ceejbot
6
760
work-life balance at npm
ceejbot
5
780
hash functions and you!
ceejbot
2
350
The accidental noder
ceejbot
2
140
Design Patterns & Modularity in the npm Registry
ceejbot
3
180
Monitoring on a budget
ceejbot
2
280

Other Decks in Technology

See All in Technology
目の前の仕事と向き合うことで成長できる - 仕事とスキルを広げる / Every little bit counts
soudai
24
7.1k
データマネジメントのトレードオフに立ち向かう
ikkimiyazaki
6
980
組織貢献をするフリーランスエンジニアという生き方
n_takehata
1
1.3k
The Future of SEO: The Impact of AI on Search
badams
0
200
関東Kaggler会LT: 人狼コンペとLLM量子化について
nejumi
3
590
株式会社EventHub・エンジニア採用資料
eventhub
0
4.3k
OpenID BizDay#17 KYC WG活動報告(法人) / 20250219-BizDay17-KYC-legalidentity
oidfj
0
250
プロダクトエンジニア構想を立ち上げ、プロダクト志向な組織への成長を続けている話 / grow into a product-oriented organization
hiro_torii
1
200
エンジニアのためのドキュメント力基礎講座〜構造化思考から始めよう〜(2025/02/15jbug広島#15発表資料)
yasuoyasuo
17
6.8k
分解して理解する Aspire
nenonaninu
1
140
2.5Dモデルのすべて
yu4u
2
860
RSNA2024振り返り
nanachi
0
580

Featured

See All Featured
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.3k
Optimising Largest Contentful Paint
csswizardry
34
3.1k
How to Think Like a Performance Engineer
csswizardry
22
1.3k
Rails Girls Zürich Keynote
gr2m
94
13k
Rebuilding a faster, lazier Slack
samanthasiow
80
8.8k
Measuring & Analyzing Core Web Vitals
bluesmoon
6
240
The Cult of Friendly URLs
andyhume
78
6.2k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
4
330
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.3k
Statistics for Hackers
jakevdp
797
220k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
27
1.9k

Transcript

  1. Heartbleed why you should care

  2. C J Silverio devops at npm @ceejbot

  3. what's heartbleed?

  4. security vulnerability disclosed April 7 2/3rds of all secure servers

  5. OpenSSL the secure 's' in https://

  6. heartbeat a pulse from a client to a server &

    back

  7. Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob

  8. Alice lies: “pong is 64K letters.”

  9. Bob trusts her. He sends Alice too much data.

  10. that data is the bleed in heartbleed

  11. what leaked?

  12. Everything. » your passwords » your cookies » server's passwords

    » server's identifying certificates

  13. Everything leaked. From 2/3rds of the servers on the internet.

  14. How long did this leak exist?

  15. Two years.

  16. Everything leaked from 2/3rds of the servers on the internet

    for two years.
  17. None

  18. How did this happen?

  19. Rogue agency: the NSA? incompetence?

  20. now what?

  21. change your passwords

  22. change your passwords for everything

  23. yes, everything

  24. Use a password manager 1Password https://getvau.lt

  25. Toss your cookies

  26. Turn on 2-factor auth

  27. Recap

  28. Heartbleed is as bad as it gets.

  29. change passwords delete cookies 2-factor auth

  30. donate to important open-source projects

  31. Buy your operations staff a drink

  32. change your passwords