$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
C J Silverio
April 15, 2014
Technology
0
110
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
Tweet
Share
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
290
Keeping JavaScript safe
ceejbot
3
460
ceej's how to solve it
ceejbot
6
770
work-life balance at npm
ceejbot
5
790
hash functions and you!
ceejbot
2
360
The accidental noder
ceejbot
2
160
Design Patterns & Modularity in the npm Registry
ceejbot
3
190
Monitoring on a budget
ceejbot
2
290
Other Decks in Technology
See All in Technology
乗りこなせAI駆動開発の波
eltociear
1
570
pmconf2025 - データを活用し「価値」へ繋げる
glorypulse
0
630
事業部のプロジェクト進行と開発チームの改善の “時間軸" のすり合わせ
konifar
9
3.2k
Databricksによるエージェント構築
taka_aki
1
140
Gemini でコードレビュー知見を見える化
zozotech
PRO
1
120
生成AIでテスト設計はどこまでできる? 「テスト粒度」を操るテーラリング術
shota_kusaba
0
280
21st ACRi Webinar - AMD Presentation Slide (Nao Sumikawa)
nao_sumikawa
0
230
【CEDEC+KYUSHU2025】学生・若手必見!テクニカルアーティスト 大全 ~仕事・スキル・キャリアパス、TAの「わからない」を徹底解剖~
cygames
PRO
0
130
著者と読み解くAIエージェント現場導入の勘所 Lancers TechBook#2
smiyawaki0820
11
5.4k
知っていると得する!Movable Type 9 の新機能を徹底解説
masakah
0
240
Oracle Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
0
660
私のRails開発環境
yahonda
0
190
Featured
See All Featured
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
132
19k
Context Engineering - Making Every Token Count
addyosmani
9
480
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.4k
RailsConf 2023
tenderlove
30
1.3k
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
Why Our Code Smells
bkeepers
PRO
340
57k
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
380
The Power of CSS Pseudo Elements
geoffreycrofte
80
6.1k
Learning to Love Humans: Emotional Interface Design
aarron
274
41k
Being A Developer After 40
akosma
91
590k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
130k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
eltociear
glorypulse
konifar
taka_aki
zozotech
shota_kusaba
nao_sumikawa
cygames
smiyawaki0820
masakah
oracle4engineer
yahonda
morganepeng
addyosmani
zakiyama
tenderlove
denniskardys
bkeepers
keithpitt
tammyeverts
geoffreycrofte
aarron
akosma
pedronauck
