Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
» security vulnerability
» disclosed April 7
» 2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
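Alice's lie and Bob's two possible answers, as an added example in C that is not part of the original talk. The message layout (1 byte type, 2 byte claimed length, payload, at least 16 bytes of padding) follows RFC 6520; the function names, the 64-byte arena and the 'S' filler bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* 1 byte type + 2 byte claimed payload length (RFC 6520) */
#define HB_PADDING 16  /* minimum padding after the payload (RFC 6520) */

/* Constructed arena: [type][len hi][len lo][payload][padding]['S' filler...].
   'S' stands in for whatever else sits in Bob's memory. Returns bytes that arrived. */
size_t build_arena(unsigned char *mem, size_t mem_len, const char *payload, size_t claimed)
{
    size_t n = strlen(payload);
    memset(mem, 'S', mem_len);
    mem[0] = 1;                               /* heartbeat request */
    mem[1] = (unsigned char)(claimed >> 8);   /* Alice's claim, not the truth */
    mem[2] = (unsigned char)(claimed & 0xff);
    memcpy(mem + HB_HEADER, payload, n);
    memset(mem + HB_HEADER + n, 0, HB_PADDING);
    return HB_HEADER + n + HB_PADDING;
}

/* Bob trusts Alice: he echoes as many bytes as she claims. */
size_t pong_trusting(const unsigned char *mem, size_t mem_len, unsigned char *out)
{
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];
    if (HB_HEADER + claimed > mem_len)        /* keeps this demo inside its arena */
        claimed = mem_len - HB_HEADER;
    memcpy(out, mem + HB_HEADER, claimed);    /* never compared with what arrived */
    return claimed;
}

/* Bob checks: the claim must fit inside the bytes that actually arrived. */
size_t pong_checked(const unsigned char *mem, size_t record_len, unsigned char *out)
{
    size_t claimed;
    if (record_len < HB_HEADER + HB_PADDING) return 0;           /* too short */
    claimed = ((size_t)mem[1] << 8) | mem[2];
    if (HB_HEADER + claimed + HB_PADDING > record_len) return 0; /* drop silently */
    memcpy(out, mem + HB_HEADER, claimed);
    return claimed;
}

int main(void)
{
    unsigned char mem[64], out[64];
    size_t arrived = build_arena(mem, sizeof mem, "ping", 40);  /* 4 letters, claims 40 */
    printf("trusting Bob sends %zu bytes\n", pong_trusting(mem, sizeof mem, out));
    printf("checking Bob sends %zu bytes\n", pong_checked(mem, arrived, out));
    return 0;
}
```

The trusting Bob returns Alice's four letters plus bytes that were never hers; the checking Bob sends nothing when the claim does not fit what arrived.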
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
» change passwords
» delete cookies
» 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords