Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
security vulnerability disclosed April 7
2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
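The Alice and Bob exchange above as a small C program (an added example, not part of the original deck). Bob's memory layout, the secret string and every function name are constructed for illustration: the first responder trusts the length Alice claims, the second checks it against what actually arrived.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 64   /* constructed stand-in for Bob's memory */
#define REQ_MAX  16   /* space reserved for Alice's ping */

static const char SECRET[] = "password=hunter2;cookie=abc"; /* constructed */

struct bob {
    uint8_t mem[MEM_SIZE]; /* [0..15] ping buffer, [16..] unrelated secrets */
    size_t  received;      /* number of bytes Alice really sent */
};

void bob_receive(struct bob *b, const char *ping) {
    memset(b->mem, 0, MEM_SIZE);
    memcpy(b->mem + REQ_MAX, SECRET, sizeof SECRET - 1);
    b->received = strlen(ping);
    if (b->received > REQ_MAX) b->received = REQ_MAX;
    memcpy(b->mem, ping, b->received);
}

/* Vulnerable: believes Alice's claimed length. Returns bytes sent back. */
size_t pong_trusting(const struct bob *b, size_t claimed, uint8_t *out) {
    if (claimed > MEM_SIZE) claimed = MEM_SIZE; /* keep the demo in-bounds */
    memcpy(out, b->mem, claimed);
    return claimed;
}

/* Fixed: a claim larger than what arrived is dropped with no reply. */
size_t pong_checked(const struct bob *b, size_t claimed, uint8_t *out) {
    if (claimed > b->received) return 0;
    memcpy(out, b->mem, claimed);
    return claimed;
}

/* Returns 1 if needle appears in the first n bytes of buf. */
int contains(const uint8_t *buf, size_t n, const char *needle) {
    size_t k = strlen(needle);
    for (size_t i = 0; k && i + k <= n; i++)
        if (memcmp(buf + i, needle, k) == 0) return 1;
    return 0;
}

int main(void) {
    struct bob b; uint8_t out[MEM_SIZE];
    bob_receive(&b, "bird");               /* Alice sends 4 letters */
    size_t n = pong_trusting(&b, 40, out); /* but says "pong is 40 letters" */
    printf("trusting: %zu bytes, leak=%d\n", n, contains(out, n, "hunter2"));
    n = pong_checked(&b, 40, out);
    printf("checked:  %zu bytes, leak=%d\n", n, contains(out, n, "hunter2"));
    return 0;
}
```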
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet for two years.
How did this happen?
Rogue agency: the NSA?
incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords, delete cookies, 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords