Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
security vulnerability disclosed April 7
2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
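The Alice and Bob exchange above, as an added example that is not part of the original deck or of OpenSSL's code: a toy model in C where Bob's memory is one small array, with the ping stored first and someone else's secret right behind it. All names, sizes and the sample secret are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 32
#define REQ_AREA 8                      /* room for the ping payload */

static const char SECRET[] = "hunter2;cookie=abc";  /* constructed sample data */
static char bob_mem[MEM_SIZE];          /* Bob's memory: ping first, secrets after */
static char reply[MEM_SIZE];            /* the pong Bob sends back */

/* Store Alice's ping; someone else's secret already sits right behind it. */
static int bob_receive(const char *payload, size_t actual_len) {
    if (actual_len > REQ_AREA) return -1;
    memset(bob_mem, 0, MEM_SIZE);
    memcpy(bob_mem, payload, actual_len);
    memcpy(bob_mem + REQ_AREA, SECRET, sizeof SECRET - 1);
    return 0;
}

/* Bob before the fix: believes the length Alice claims. Returns bytes sent. */
size_t pong_trusting(const char *payload, size_t actual_len, size_t claimed_len) {
    if (bob_receive(payload, actual_len) != 0) return 0;
    if (claimed_len > MEM_SIZE) claimed_len = MEM_SIZE;  /* keep the toy model in bounds */
    memcpy(reply, bob_mem, claimed_len);
    return claimed_len;
}

/* Bob after the fix: a claim larger than what arrived is dropped silently. */
size_t pong_checked(const char *payload, size_t actual_len, size_t claimed_len) {
    if (bob_receive(payload, actual_len) != 0) return 0;
    if (claimed_len > actual_len) return 0;
    memcpy(reply, bob_mem, claimed_len);
    return claimed_len;
}

/* 1 if the first n bytes of the reply include the start of the secret. */
int reply_has_secret(size_t n) {
    for (size_t i = 0; i + 7 <= n; i++)
        if (memcmp(reply + i, "hunter2", 7) == 0) return 1;
    return 0;
}

int main(void) {
    size_t n = pong_trusting("ping", 4, 26);
    printf("trusting Bob sent %zu bytes, secret leaked: %d\n", n, reply_has_secret(n));
    n = pong_checked("ping", 4, 26);
    printf("checking Bob sent %zu bytes, secret leaked: %d\n", n, reply_has_secret(n));
    return 0;
}
```

The only difference between the two Bobs is one comparison of the claimed length against the length that actually arrived.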
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords, delete cookies, 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords