Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
C J Silverio
April 15, 2014
Technology
0
110
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
Tweet
Share
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
290
Keeping JavaScript safe
ceejbot
3
460
ceej's how to solve it
ceejbot
6
760
work-life balance at npm
ceejbot
5
790
hash functions and you!
ceejbot
2
350
The accidental noder
ceejbot
2
160
Design Patterns & Modularity in the npm Registry
ceejbot
3
190
Monitoring on a budget
ceejbot
2
290
Other Decks in Technology
See All in Technology
Claude Code 10連ガチャ
uhyo
3
680
JAWS-UG SRE支部 #14 LT
okaru
0
100
Redux → Recoil → Zustand → useSyncExternalStore: 状態管理の10年とReact本来の姿
zozotech
PRO
14
7.7k
「データ無い! 腹立つ! 推論する!」から 「データ無い! 腹立つ! データを作る」へ チームでデータを作り、育てられるようにするまで / How can we create, use, and maintain data ourselves?
moznion
7
4.2k
re:Invent完全攻略ガイド
junjikoide
1
330
Moto: Latent Motion Token as the Bridging Language for Learning Robot Manipulation from Videos
peisuke
0
140
X-Ray SDKとDaemonのサポート終了と移⾏ガイド
o11yfes2023
0
100
自己的售票系統自己做!
eddie
0
450
エンタープライズ企業における開発効率化のためのコンテキスト設計とその活用
sergicalsix
1
390
Design and implementation of "Markdown to Google Slides" / phpconfuk 2025
k1low
1
400
お試しで oxlint を導入してみる #vuefes_aftertalk
bengo4com
2
1.5k
Datadog On-Call と Cloud SIEM で作る SOC 基盤
kuriyosh
0
180
Featured
See All Featured
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
VelocityConf: Rendering Performance Case Studies
addyosmani
333
24k
Making the Leap to Tech Lead
cromwellryan
135
9.6k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3.2k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Building a Modern Day E-commerce SEO Strategy
aleyda
45
8k
Why Our Code Smells
bkeepers
PRO
340
57k
Rails Girls Zürich Keynote
gr2m
95
14k
Designing for Performance
lara
610
69k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.1k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
uhyo
okaru
zozotech
moznion
junjikoide
peisuke
o11yfes2023
eddie
sergicalsix
k1low
bengo4com
kuriyosh
malarkey
keithpitt
addyosmani
cromwellryan
caitiem20
eileencodes
marcelosomers
aleyda
bkeepers
gr2m
lara
tammyeverts
