Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
C J Silverio
April 15, 2014
Technology
0
99
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
Tweet
Share
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.5k
The future of (javascript) modules (in node)
ceejbot
1
280
Keeping JavaScript safe
ceejbot
3
410
ceej's how to solve it
ceejbot
6
760
work-life balance at npm
ceejbot
5
780
hash functions and you!
ceejbot
2
350
The accidental noder
ceejbot
2
140
Design Patterns & Modularity in the npm Registry
ceejbot
3
180
Monitoring on a budget
ceejbot
2
280
Other Decks in Technology
See All in Technology
30分でわかる「リスクから学ぶKubernetesコンテナセキュリティ」/30min-k8s-container-sec
mochizuki875
3
440
re:Invent 2024のふりかえり
beli68
0
110
機械学習を「社会実装」するということ 2025年版 / Social Implementation of Machine Learning 2025 Version
moepy_stats
5
1k
カップ麺の待ち時間(3分)でわかるPartyRockアップデート
ryutakondo
0
140
シフトライトなテスト活動を適切に行うことで、無理な開発をせず、過剰にテストせず、顧客をビックリさせないプロダクトを作り上げているお話 #RSGT2025 / Shift Right
nihonbuson
3
2.1k
Alignment and Autonomy in Cybozu - 300人の開発組織でアラインメントと自律性を両立させるアジャイルな組織運営 / RSGT2025
ama_ch
1
2.4k
アジャイルチームが変化し続けるための組織文化とマネジメント・アプローチ / Agile management that enables ever-changing teams
kakehashi
3
3.4k
Oracle Exadata Database Service(Dedicated Infrastructure):サービス概要のご紹介
oracle4engineer
PRO
0
12k
ドメイン駆動設計の実践により事業の成長スピードと保守性を両立するショッピングクーポン
lycorptech_jp
PRO
12
1.8k
深層学習と3Dキャプチャ・3Dモデル生成(土木学会応用力学委員会 応用数理・AIセミナー)
pfn
PRO
0
460
2025年のARグラスの潮流
kotauchisunsun
0
790
WantedlyでのKotlin Multiplatformの導入と課題 / Kotlin Multiplatform Implementation and Challenges at Wantedly
kubode
0
250
Featured
See All Featured
Testing 201, or: Great Expectations
jmmastey
41
7.2k
Docker and Python
trallard
43
3.2k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
500
We Have a Design System, Now What?
morganepeng
51
7.3k
Faster Mobile Websites
deanohume
305
30k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
How to Think Like a Performance Engineer
csswizardry
22
1.3k
How STYLIGHT went responsive
nonsquared
96
5.3k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
98
18k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
The Pragmatic Product Professional
lauravandoore
32
6.4k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
mochizuki875
beli68
moepy_stats
ryutakondo
nihonbuson
ama_ch
kakehashi
oracle4engineer
lycorptech_jp
pfn
kotauchisunsun
kubode
jmmastey
trallard
irinanazarova
morganepeng
deanohume
scottboms
csswizardry
nonsquared
jlugia
panda_program
lemiorhan
lauravandoore
