Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
security vulnerability, disclosed April 7, 2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
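The exchange above as a small C model, added here as an illustration; it is not part of the original deck and not OpenSSL's code. The record layout (1-byte type, 2-byte claimed length, payload, at least 16 bytes of padding) follows RFC 6520; the 64-byte memory model, the secret and all function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR 3   /* 1 byte type + 2 bytes claimed payload length */
#define PAD 16  /* minimum padding in a heartbeat message (RFC 6520) */
#define MEM 64  /* size of the constructed model of Bob's memory */
static const char SECRET[] = "constructed-secret"; /* sample value, not real data */

/* The length Alice claims her payload has (big-endian, bytes 1..2). */
static size_t claimed(const uint8_t *rec) { return ((size_t)rec[1] << 8) | rec[2]; }

/* Bob as on the slides: he trusts the claim and never looks at rec_len. */
size_t pong_trusting(const uint8_t *mem, size_t rec_len, uint8_t *out) {
    size_t n = claimed(mem);
    (void)rec_len;                     /* the bug: the received size is ignored */
    if (n > MEM - HDR) n = MEM - HDR;  /* clamp only so this model stays in bounds */
    memcpy(out, mem + HDR, n);
    return n;
}

/* Bob with a bounds check: a claim larger than what arrived is discarded. */
size_t pong_checked(const uint8_t *mem, size_t rec_len, uint8_t *out) {
    if (rec_len < HDR + PAD) return 0;
    size_t n = claimed(mem);
    if (HDR + n + PAD > rec_len) return 0;  /* Alice lied: send nothing back */
    memcpy(out, mem + HDR, n);
    return n;
}

/* Alice sends the 4 letters "ping" but claims `claim` letters. Returns 1 if
   Bob's reply contains the secret stored right after her message. */
int reply_leaks_secret(size_t claim, int checked) {
    uint8_t mem[MEM] = {0}, out[MEM] = {0};
    size_t rec_len = HDR + 4 + PAD, slen = sizeof SECRET - 1, n, i;
    mem[0] = 1; mem[1] = (uint8_t)(claim >> 8); mem[2] = (uint8_t)(claim & 0xff);
    memcpy(mem + HDR, "ping", 4);
    memcpy(mem + rec_len, SECRET, slen);   /* unrelated data next to the record */
    n = checked ? pong_checked(mem, rec_len, out) : pong_trusting(mem, rec_len, out);
    for (i = 0; i + slen <= n; i++)
        if (memcmp(out + i, SECRET, slen) == 0) return 1;
    return 0;
}

int main(void) {
    printf("leak when trusting: %d, when checked: %d\n",
           reply_leaks_secret(40, 0), reply_leaks_secret(40, 1));
    return 0;
}
```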
what leaked?
Everything. » your passwords » your cookies » server's passwords » server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords, delete cookies, 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords