Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
C J Silverio
April 15, 2014
Technology
0
110
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
Tweet
Share
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.5k
The future of (javascript) modules (in node)
ceejbot
1
290
Keeping JavaScript safe
ceejbot
3
440
ceej's how to solve it
ceejbot
6
760
work-life balance at npm
ceejbot
5
790
hash functions and you!
ceejbot
2
350
The accidental noder
ceejbot
2
150
Design Patterns & Modularity in the npm Registry
ceejbot
3
190
Monitoring on a budget
ceejbot
2
290
Other Decks in Technology
See All in Technology
GitHub Copilot の概要
tomokusaba
1
100
AWS Summit Japan 2025 Community Stage - App workflow automation by AWS Step Functions
matsuihidetoshi
1
160
20250623 Findy Lunch LT Brown
3150
0
820
AWS CDK 実践的アプローチ N選 / aws-cdk-practical-approaches
gotok365
5
570
Model Mondays S2E02: Model Context Protocol
nitya
0
200
Prox Industries株式会社 会社紹介資料
proxindustries
0
220
Amazon S3標準/ S3 Tables/S3 Express One Zoneを使ったログ分析
shigeruoda
3
410
[TechNight #90-1] 本当に使える?ZDMの新機能を実践検証してみた
oracle4engineer
PRO
3
140
CI/CD/IaC 久々に0から環境を作ったらこうなりました
kaz29
0
110
BigQuery Remote FunctionでLooker Studioをインタラクティブ化
cuebic9bic
2
240
20250625 Snowflake Summit 2025活用事例 レポート / Nowcast Snowflake Summit 2025 Case Study Report
kkuv
1
260
成立するElixirの再束縛(再代入)可という選択
kubell_hr
0
970
Featured
See All Featured
A Modern Web Designer's Workflow
chriscoyier
693
190k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Art, The Web, and Tiny UX
lynnandtonic
299
21k
Making Projects Easy
brettharned
116
6.3k
KATA
mclloyd
29
14k
Six Lessons from altMBA
skipperchong
28
3.8k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
16
940
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
670
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
22k
Faster Mobile Websites
deanohume
307
31k
RailsConf 2023
tenderlove
30
1.1k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
181
53k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords