Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
security vulnerability; disclosed April 7; 2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
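The Alice and Bob exchange above as a small C model, an added example that is not part of the original deck and is not OpenSSL's code. The memory layout, function names and secret string are constructed for illustration: a trusting Bob copies as many bytes as Alice claims, while a careful Bob compares the claim with what actually arrived.

```c
#include <stdio.h>
#include <string.h>

#define REQ_CAP 16
/* Constructed model of Bob's memory: the ping buffer sits right next to
   unrelated data, as separate allocations do inside a real server process. */
struct server_mem {
    char request[REQ_CAP]; /* where Alice's ping text is stored */
    char secrets[48];      /* made-up sample data, not a real leak */
};

/* Store a received ping and a constructed secret in the model. */
void receive_ping(struct server_mem *m, const char *payload, size_t actual_len) {
    memset(m, 0, sizeof *m);
    if (actual_len > REQ_CAP) actual_len = REQ_CAP;
    memcpy(m->request, payload, actual_len);
    strcpy(m->secrets, "session=constructed-cookie;pw=example");
}

/* Trusting Bob: replies with as many bytes as Alice CLAIMED she sent.
   The copy is capped at the model's size so the demo stays memory-safe. */
size_t pong_trusting(const struct server_mem *m, size_t claimed_len,
                     char *out, size_t out_cap) {
    size_t n = claimed_len;
    if (n > sizeof *m) n = sizeof *m;
    if (n > out_cap) n = out_cap;
    memcpy(out, (const char *)m, n); /* runs past request[] into secrets[] */
    return n;
}

/* Careful Bob: compares the claim with what actually arrived and
   sends no reply when the two disagree. */
size_t pong_checked(const struct server_mem *m, size_t claimed_len,
                    size_t actual_len, char *out, size_t out_cap) {
    if (claimed_len > actual_len || claimed_len > REQ_CAP || claimed_len > out_cap)
        return 0; /* ping dropped, nothing leaks */
    memcpy(out, m->request, claimed_len);
    return claimed_len;
}

int main(void) {
    struct server_mem m;
    char out[64];
    receive_ping(&m, "bird", 4); /* Alice really sends 4 letters */
    size_t n = pong_trusting(&m, 64, out, sizeof out); /* but claims 64 */
    printf("trusting Bob sent %zu bytes; after the echo: %.37s\n", n, out + REQ_CAP);
    printf("careful Bob sent %zu bytes\n", pong_checked(&m, 64, 4, out, sizeof out));
    return 0;
}
```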
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords, delete cookies, 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords