Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
security vulnerability, disclosed April 7, 2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
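The Alice and Bob exchange above as a small C program. This is an added example, not code from the deck or from OpenSSL: the 64-byte `mem` array, the two-byte length prefix, the function names and the `password=hunter2` secret are all constructed for illustration, and the 64K claim is scaled down to 40 bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 64   /* constructed stand-in for Bob's memory */
#define REQ_SLOT 16   /* the ping is stored in the first 16 bytes */
static uint8_t mem[MEM_SIZE];

/* Store a ping as [len_hi][len_lo][payload]; returns bytes actually received. */
static size_t receive_ping(uint16_t claimed_len, const char *payload) {
    size_t n = strlen(payload);
    if (n > REQ_SLOT - 2) n = REQ_SLOT - 2;
    memset(mem, '.', sizeof mem);
    memcpy(mem + REQ_SLOT, "password=hunter2", 16);  /* constructed secret stored nearby */
    mem[0] = (uint8_t)(claimed_len >> 8);
    mem[1] = (uint8_t)(claimed_len & 0xff);
    memcpy(mem + 2, payload, n);
    return 2 + n;
}

/* Bob trusts Alice: he copies as many bytes as she claims the pong holds. */
static size_t pong_trusting(uint8_t *out, size_t out_cap) {
    size_t claimed = ((size_t)mem[0] << 8) | mem[1];
    if (claimed > MEM_SIZE - 2) claimed = MEM_SIZE - 2;  /* keeps the demo inside mem[] */
    if (claimed > out_cap) claimed = out_cap;
    memcpy(out, mem + 2, claimed);
    return claimed;
}

/* Bob checks: a claim larger than what actually arrived gets no reply. */
static size_t pong_checked(size_t received, uint8_t *out, size_t out_cap) {
    size_t claimed = ((size_t)mem[0] << 8) | mem[1];
    if (2 + claimed > received || claimed > out_cap) return 0;
    memcpy(out, mem + 2, claimed);
    return claimed;
}

int main(void) {
    uint8_t out[MEM_SIZE];
    size_t got = receive_ping(40, "pong");  /* Alice lies: 4 letters sent, 40 claimed */
    size_t n = pong_trusting(out, sizeof out);
    printf("trusting Bob sent %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    printf("checking Bob sent %zu bytes\n", pong_checked(got, out, sizeof out));
    return 0;
}
```

The trusting reply carries the four-letter pong followed by whatever sat next to it in memory, which here includes the secret; the checking reply is empty because the claim does not match what arrived.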
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords, delete cookies, 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords