Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
C J Silverio
April 15, 2014
Technology
110
0
Share
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
310
Keeping JavaScript safe
ceejbot
3
480
ceej's how to solve it
ceejbot
6
780
work-life balance at npm
ceejbot
5
800
hash functions and you!
ceejbot
2
370
The accidental noder
ceejbot
2
170
Design Patterns & Modularity in the npm Registry
ceejbot
3
200
Monitoring on a budget
ceejbot
2
300
Other Decks in Technology
See All in Technology
AWSで2番目にリリースされたサービスについてお話しします(諸説あります)
yama3133
0
120
"まず試す"ためのDatabricks Apps活用法 / Databricks Apps for Early Experiments and Validation
nttcom
1
170
ハーネスエンジニアリング×AI適応開発
aictokamiya
3
1.5k
「決め方」の渡し方 / How to hand over the "decision-making process"
pauli
7
1.2k
OCI技術資料 : 証明書サービス概要
ocise
1
7.2k
サイボウズフロントエンドの活動から考える探究と発信
mugi_uno
0
110
OpenClawでPM業務を自動化
knishioka
2
390
組織的なAI活用を阻む 最大のハードルは コンテキストデザインだった
ixbox
1
440
【関西電力KOI×VOLTMIND 生成AIハッカソン】空間AIブレイン ~⼤阪おばちゃんフィジカルAIに続く道~
tanakaseiya
0
150
AIにより大幅に強化された AWS Transform Customを触ってみる
0air
0
310
OCI技術資料 : ロード・バランサ 概要 - FLB・NLB共通
ocise
4
27k
Even G2 クイックスタートガイド(日本語版)
vrshinobi1
0
200
Featured
See All Featured
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
4
2.6k
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
techseoconnect
PRO
0
93
Designing Powerful Visuals for Engaging Learning
tmiket
1
320
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.9k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
287
14k
Code Review Best Practice
trishagee
74
20k
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
270
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
auna
0
110
Code Reviewing Like a Champion
maltzj
528
40k
The Power of CSS Pseudo Elements
geoffreycrofte
82
6.2k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.3k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.2k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
yama3133
nttcom
aictokamiya
pauli
ocise
mugi_uno
knishioka
ixbox
tanakaseiya
0air
vrshinobi1
inesmontani
techseoconnect
tmiket
reverentgeek
stephaniewalter
trishagee
szymonslowik
auna
maltzj
geoffreycrofte
kevinliebholz
aleyda
