Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability
disclosed April 7
2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
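The Alice-and-Bob exchange above as a small simulation, added here as an illustration; it is not from the original deck and is not OpenSSL's code. The message layout is simplified, and the memory struct, the SECRET value and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SECRET "session=CONSTRUCTED-SECRET"   /* constructed sample value */

/* Simulated server memory: the received record sits next to unrelated data. */
struct memory {
    uint8_t record[16];   /* bytes that actually arrived from Alice */
    char    secret[32];   /* something else Bob happens to hold */
};
static uint8_t reply[64]; /* what Bob sends back */

/* Simplified request: [type:1][claimed_len:2 big-endian][payload].
   Returns the number of bytes echoed, or 0 if the request is discarded. */
static size_t respond(const struct memory *m, size_t received, int check)
{
    if (received < 3) return 0;
    size_t claimed = ((size_t)m->record[1] << 8) | m->record[2];
    /* The fix: the claimed length must fit inside what really arrived;
       otherwise discard silently, as RFC 6520 requires. */
    if (check && claimed > received - 3) return 0;
    /* Clamp so this simulation never reads outside struct memory. */
    if (claimed > sizeof *m - 3) claimed = sizeof *m - 3;
    if (claimed > sizeof reply) claimed = sizeof reply;
    memcpy(reply, (const uint8_t *)m + 3, claimed); /* trusts claimed length */
    return claimed;
}

/* Alice sends the 4-byte payload "ping" but states `claimed` as its length. */
static size_t run(unsigned claimed, int check)
{
    struct memory m = { {1, (uint8_t)(claimed >> 8), (uint8_t)claimed,
                         'p', 'i', 'n', 'g'}, SECRET };
    memset(reply, 0, sizeof reply);
    return respond(&m, 7, check);
}

/* 1 if the first n bytes of the reply contain Bob's secret. */
static int reply_has_secret(size_t n)
{
    size_t len = strlen(SECRET);
    for (size_t i = 0; i + len <= n; i++)
        if (memcmp(reply + i, SECRET, len) == 0) return 1;
    return 0;
}
int main(void)
{
    size_t n = run(40, 0);   /* Alice claims 40 bytes but sent 4 */
    printf("trusting Bob: %zu bytes, leaked=%d\n", n, reply_has_secret(n));
    printf("checking Bob: %zu bytes\n", run(40, 1));
}
```

The only difference between the trusting and the checking Bob is the single comparison of the claimed length against the number of bytes that actually arrived.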
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords