Heartbleed: why you should care
C J Silverio
April 15, 2014
Technology
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
security vulnerability disclosed April 7
2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
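The lie in the slides (Alice claims a 64K pong, Bob trusts the number) is a missing bounds check. As an added example that is not from the talk or from OpenSSL, here is a simplified heartbeat handler in both forms, with constructed buffers: the vulnerable one copies as many bytes as the peer declared, the fixed one drops any request whose declared length does not fit in the record that was actually received.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified heartbeat record: 1-byte type, 2-byte declared payload length,
 * payload, then at least 16 bytes of padding (the RFC 6520 layout).
 * Everything below is constructed for illustration; it is not OpenSSL code. */
#define PADDING 16

/* Bob's memory, constructed: the 7-byte record Alice actually sent
 * ("ping", but claiming 48 bytes) followed by unrelated data that happens
 * to sit next to it, standing in for a session cookie. */
static unsigned char bob_memory[64] =
    "\x01\x00\x30" "ping" "cookie=SECRET-SESSION-ID";

/* Vulnerable handler: copies as many bytes as the peer declared. */
int heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                         unsigned char *out, size_t out_cap) {
    (void)rec_len;                       /* received length is never checked */
    size_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if (payload_len > out_cap) return -1;
    memcpy(out, rec + 3, payload_len);   /* reads past the real record */
    return (int)payload_len;
}

/* Hardened handler (the shape of the fix): the declared length, plus header
 * and padding, must fit inside the record actually received, or it is dropped. */
int heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                    unsigned char *out, size_t out_cap) {
    if (rec_len < 3) return -1;
    size_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if (1 + 2 + payload_len + PADDING > rec_len) return -1;
    if (payload_len > out_cap) return -1;
    memcpy(out, rec + 3, payload_len);
    return (int)payload_len;
}

int main(void) {
    unsigned char out[64] = {0};
    int n = heartbeat_vulnerable(bob_memory, 7, out, sizeof out);
    printf("vulnerable: %d bytes returned: %.48s\n", n, out); /* cookie leaks */
    n = heartbeat_fixed(bob_memory, 7, out, sizeof out);
    printf("fixed: %d (request rejected)\n", n);
    return 0;
}
```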
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords
delete cookies
2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords