Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Heartbleed: why you should care

Avatar for C J Silverio C J Silverio
April 15, 2014
Technology
0
110

Heartbleed: why you should care

A discussion of the Heartbleed bug for a non-programming but computer-using audience.

Avatar for C J Silverio

C J Silverio

April 15, 2014
Tweet

More Decks by C J Silverio

See All by C J Silverio
The economics of package management
Avatar for C J Silverio ceejbot
4
1.6k
The future of (javascript) modules (in node)
Avatar for C J Silverio ceejbot
1
290
Keeping JavaScript safe
Avatar for C J Silverio ceejbot
3
450
ceej's how to solve it
Avatar for C J Silverio ceejbot
6
760
work-life balance at npm
Avatar for C J Silverio ceejbot
5
790
hash functions and you!
Avatar for C J Silverio ceejbot
2
350
The accidental noder
Avatar for C J Silverio ceejbot
2
150
Design Patterns & Modularity in the npm Registry
Avatar for C J Silverio ceejbot
3
190
Monitoring on a budget
Avatar for C J Silverio ceejbot
2
290

Other Decks in Technology

See All in Technology
Databricks AI/BI Genie の「値ディクショナリー」をAmazonの奥地(S3)まで見に行く
Avatar for camay kameitomohiro
1
400
Azureコストと向き合った、4年半のリアル / Four and a half years of dealing with Azure costs
Avatar for AEON aeonpeople
1
270
AWS UG Grantでグローバル20名に選出されてre:Inventに行く話と、マルチクラウドセキュリティの教科書を執筆した話 / The Story of Being Selected for the AWS UG Grant to Attending re:Invent, and Writing a Multi-Cloud Security Textbook
Avatar for Yuji Oshima yuj1osm
1
130
生成AI時代のPythonセキュリティとガバナンス
Avatar for abenben abenben
0
120
データ戦略部門 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
3.8k
QA業務を変える(!?)AIを併用した不具合分析の実践
Avatar for ma2ri__ ma2ri
0
120
Behind Postgres 18: The People, the Code, & the Invisible Work | Claire Giordano | PGConfEU 2025
Avatar for Claire Giordano clairegiordano
0
110
AI時代、“平均値”ではいられない
Avatar for uhyo uhyo
8
2.4k
serverless team topology
Avatar for kensh _kensh
3
200
Implementing and Evaluating a High-Level Language with WasmGC and the Wasm Component Model: Scala’s Case
Avatar for Rikito Taniguchi tanishiking
0
170
オブザーバビリティと育てた ID管理・認証認可基盤の歩み / The Journey of an ID Management, Authentication, and Authorization Platform Nurtured with Observability
Avatar for 株式会社カミナシ kaminashi
1
210
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
2.8k

Featured

See All Featured
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
369
20k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
12k
What’s in a name? Adding method to the madness
Avatar for Product Marketing Alliance productmarketing
PRO
24
3.7k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
127
17k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
8.9k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
132
19k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.5k
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
27k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
2.8k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
230
22k

Transcript

  1. Heartbleed why you should care

  2. C J Silverio devops at npm @ceejbot

  3. what's heartbleed?

  4. security vulnerability disclosed April 7 2/3rds of all secure servers

  5. OpenSSL the secure 's' in https://

  6. heartbeat a pulse from a client to a server &

    back

  7. Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob

  8. Alice lies: “pong is 64K letters.”

  9. Bob trusts her. He sends Alice too much data.

  10. that data is the bleed in heartbleed

  11. what leaked?

  12. Everything. » your passwords » your cookies » server's passwords

    » server's identifying certificates

  13. Everything leaked. From 2/3rds of the servers on the internet.

  14. How long did this leak exist?

  15. Two years.

  16. Everything leaked from 2/3rds of the servers on the internet

    for two years.
  17. None

  18. How did this happen?

  19. Rogue agency: the NSA? incompetence?

  20. now what?

  21. change your passwords

  22. change your passwords for everything

  23. yes, everything

  24. Use a password manager 1Password https://getvau.lt

  25. Toss your cookies

  26. Turn on 2-factor auth

  27. Recap

  28. Heartbleed is as bad as it gets.

  29. change passwords delete cookies 2-factor auth

  30. donate to important open-source projects

  31. Buy your operations staff a drink

  32. change your passwords