Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
security vulnerability
disclosed April 7
2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
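The ping/pong exchange above, as an added C sketch that is not part of the original deck: one Bob echoes whatever length Alice claims, the other compares the claim with what actually arrived and drops the request. The memory layout, function names and the sample secret are constructed for illustration, and the padding a real heartbeat message carries is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for Bob's memory. The request and an unrelated
   secret share one array, so the over-read below is well-defined C. */
#define MEM_SIZE 64
static uint8_t bob_memory[MEM_SIZE];

/* Store Alice's heartbeat as [type][len_hi][len_lo][payload] with a
   constructed secret right after it. Returns the bytes really received. */
static size_t receive_request(const char *payload, uint16_t claimed_len) {
    size_t n = strlen(payload);
    memset(bob_memory, 0, MEM_SIZE);
    bob_memory[0] = 1;                               /* heartbeat request */
    bob_memory[1] = (uint8_t)(claimed_len >> 8);
    bob_memory[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(bob_memory + 3, payload, n);
    memcpy(bob_memory + 3 + n, "password=hunter2", 16);
    return 3 + n;
}

static size_t claimed_length(void) {
    return ((size_t)bob_memory[1] << 8) | bob_memory[2];
}

/* Bob trusts Alice: echoes as many bytes as she claims to have sent. */
static size_t pong_trusting(uint8_t *out) {
    size_t claimed = claimed_length();
    if (claimed > MEM_SIZE - 3) claimed = MEM_SIZE - 3; /* demo-only clamp */
    memcpy(out, bob_memory + 3, claimed);
    return claimed;
}

/* Bob checks: a claim larger than what arrived is silently discarded. */
static size_t pong_checked(size_t received, uint8_t *out) {
    size_t claimed = claimed_length();
    if (received < 3 || claimed > received - 3) return 0;
    memcpy(out, bob_memory + 3, claimed);
    return claimed;
}

int main(void) {
    uint8_t out[MEM_SIZE];
    size_t got = receive_request("ping", 20);        /* Alice lies: 20, not 4 */
    size_t n = pong_trusting(out);
    printf("trusting Bob sent %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    printf("checking Bob sent %zu bytes\n", pong_checked(got, out));
    return 0;
}
```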
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords, delete cookies, 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords