Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
C J Silverio
April 15, 2014
Technology
120
0
Share
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
310
Keeping JavaScript safe
ceejbot
3
480
ceej's how to solve it
ceejbot
6
780
work-life balance at npm
ceejbot
5
800
hash functions and you!
ceejbot
2
370
The accidental noder
ceejbot
2
170
Design Patterns & Modularity in the npm Registry
ceejbot
3
200
Monitoring on a budget
ceejbot
2
300
Other Decks in Technology
See All in Technology
AWS WAFの運用を地道に改善し、自社で運用可能にするプラクティス
andpad
1
340
Oracle AI Database@AWS:サービス概要のご紹介
oracle4engineer
PRO
4
2.6k
マンション備え付けのネットワークとLTE回線を組み合わせた ネットワークの安定化の考案
harutiro
1
140
"スキルファースト"で作る、AIの自走環境
subroh0508
0
580
SLI/SLO、「完全に理解した」から「チョットデキル」へ
maruloop
5
560
Every Conversation Counts
kawaguti
PRO
0
250
Oracle Cloud Infrastructure presents managed, serverless MCP Servers for Oracle AI Database
thatjeffsmith
1
360
20260515 ID管理は会社を守る大切な砦!〜🔰情シス向け〜
oidfj
0
600
全社統制を維持しながら現場負担をどう減らすか〜プラットフォームチームとセキュリティチームで進めたSecurity Hub活用によるAWS統制の見直し〜/secjaws-security-hub-custom-insights
mhrtech
1
550
【関西製造業祭り2026春】現場を変える技術はここまで来た〜世界最大の製造業見本市から持って帰ってきたもの〜
tanakaseiya
0
180
ESP32 IoTを動かしながらメモリ使用量を観測してみた話
zozotech
PRO
0
140
AI飲み会幹事エージェントを作っただけなのに
ykimi
0
230
Featured
See All Featured
Deep Space Network (abreviated)
tonyrice
0
140
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.1k
Skip the Path - Find Your Career Trail
mkilby
1
120
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
30 Presentation Tips
portentint
PRO
1
290
HTML-Aware ERB: The Path to Reactive Rendering @ RubyCon 2026, Rimini, Italy
marcoroth
1
49
Believing is Seeing
oripsolob
1
120
Designing for Performance
lara
611
70k
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
200
Everyday Curiosity
cassininazir
0
210
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
From π to Pie charts
rasagy
0
180
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
andpad
oracle4engineer
harutiro
subroh0508
maruloop
kawaguti
thatjeffsmith
.png){kind=avatar}
oidfj
mhrtech
tanakaseiya
zozotech
ykimi
tonyrice
maggiecrowley
mkilby
marcelosomers
portentint
marcoroth
oripsolob
lara
pwiseman
cassininazir
caitiem20
rasagy
