Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Heartbleed: why you should care

C J Silverio
April 15, 2014
Technology
0
99

Heartbleed: why you should care

A discussion of the Heartbleed bug for a non-programming but computer-using audience.

C J Silverio

April 15, 2014
Tweet

More Decks by C J Silverio

See All by C J Silverio
The economics of package management
ceejbot
4
1.5k
The future of (javascript) modules (in node)
ceejbot
1
280
Keeping JavaScript safe
ceejbot
3
410
ceej's how to solve it
ceejbot
6
760
work-life balance at npm
ceejbot
5
780
hash functions and you!
ceejbot
2
350
The accidental noder
ceejbot
2
140
Design Patterns & Modularity in the npm Registry
ceejbot
3
180
Monitoring on a budget
ceejbot
2
280

Other Decks in Technology

See All in Technology
30分でわかる「リスクから学ぶKubernetesコンテナセキュリティ」/30min-k8s-container-sec
mochizuki875
3
450
完全自律型AIエージェントとAgentic Workflow〜ワークフロー構築という現実解
pharma_x_tech
0
350
生成AI × 旅行 LLMを活用した旅行プラン生成・チャットボット
kominet_ava
0
160
デジタルアイデンティティ人材育成推進ワーキンググループ 翻訳サブワーキンググループ 活動報告 / 20250114-OIDF-J-EduWG-TranslationSWG
oidfj
0
540
実践! ソフトウェアエンジニアリングの価値の計測 ── Effort、Output、Outcome、Impact
nomuson
0
2.1k
Evolving Architecture
rainerhahnekamp
3
260
Docker Desktop で Docker を始めよう
zembutsu
PRO
0
180
comilioとCloudflare、そして未来へと向けて
oliver_diary
6
450
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
6
54k
Copilotの力を実感! 3ヶ月間の生成AI研修の試行錯誤&成功事例をご紹介。果たして得たものとは・・?
ktc_shiori
0
350
なぜfreeeはハブ・アンド・スポーク型の データメッシュアーキテクチャにチャレンジするのか?
shinichiro_joya
2
490
データ基盤におけるIaCの重要性とその運用
mtpooh
4
530

Featured

See All Featured
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.2k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.9k
Reflections from 52 weeks, 52 projects
jeffersonlam
348
20k
Optimizing for Happiness
mojombo
376
70k
Fashionably flexible responsive web design (full day workshop)
malarkey
406
66k
It's Worth the Effort
3n
183
28k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.8k
YesSQL, Process and Tooling at Scale
rocio
170
14k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
500
Visualization
eitanlees
146
15k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
230
52k

Transcript

  1. Heartbleed why you should care

  2. C J Silverio devops at npm @ceejbot

  3. what's heartbleed?

  4. security vulnerability disclosed April 7 2/3rds of all secure servers

  5. OpenSSL the secure 's' in https://

  6. heartbeat a pulse from a client to a server &

    back

  7. Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob

  8. Alice lies: “pong is 64K letters.”

  9. Bob trusts her. He sends Alice too much data.

  10. that data is the bleed in heartbleed

  11. what leaked?

  12. Everything. » your passwords » your cookies » server's passwords

    » server's identifying certificates

  13. Everything leaked. From 2/3rds of the servers on the internet.

  14. How long did this leak exist?

  15. Two years.

  16. Everything leaked from 2/3rds of the servers on the internet

    for two years.
  17. None

  18. How did this happen?

  19. Rogue agency: the NSA? incompetence?

  20. now what?

  21. change your passwords

  22. change your passwords for everything

  23. yes, everything

  24. Use a password manager 1Password https://getvau.lt

  25. Toss your cookies

  26. Turn on 2-factor auth

  27. Recap

  28. Heartbleed is as bad as it gets.

  29. change passwords delete cookies 2-factor auth

  30. donate to important open-source projects

  31. Buy your operations staff a drink

  32. change your passwords