Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Heartbleed: why you should care

C J Silverio
April 15, 2014
Technology
0
99

Heartbleed: why you should care

A discussion of the Heartbleed bug for a non-programming but computer-using audience.

C J Silverio

April 15, 2014
Tweet

More Decks by C J Silverio

See All by C J Silverio
The economics of package management
ceejbot
4
1.5k
The future of (javascript) modules (in node)
ceejbot
1
280
Keeping JavaScript safe
ceejbot
3
420
ceej's how to solve it
ceejbot
6
760
work-life balance at npm
ceejbot
5
780
hash functions and you!
ceejbot
2
350
The accidental noder
ceejbot
2
140
Design Patterns & Modularity in the npm Registry
ceejbot
3
180
Monitoring on a budget
ceejbot
2
280

Other Decks in Technology

See All in Technology
データの品質が低いと何が困るのか
kzykmyzw
6
1.1k
『衛星データ利用の方々にとって近いようで触れる機会のなさそうな小話 ~ 衛星搭載ソフトウェアと衛星運用ソフトウェア (実物) を動かしながらわいわいする編 ~』 @日本衛星データコミニティ勉強会
meltingrabbit
0
140
全文検索+セマンティックランカー+LLMの自然文検索サ−ビスで得られた知見
segavvy
2
100
地方拠点で エンジニアリングマネージャーってできるの? 〜地方という制約を楽しむオーナーシップとコミュニティ作り〜
1coin
1
230
N=1から解き明かす AWS ソリューションアーキテクトの魅力
kiiwami
0
130
目の前の仕事と向き合うことで成長できる - 仕事とスキルを広げる / Every little bit counts
soudai
24
7.1k
Larkご案内資料
customercloud
PRO
0
650
ユーザーストーリーマッピングから始めるアジャイルチームと並走するQA / Starting QA with User Story Mapping
katawara
0
200
人はなぜISUCONに夢中になるのか
kakehashi
PRO
6
1.6k
飲食店予約台帳を支えるインタラクティブ UI 設計と実装
siropaca
7
1.8k
開発スピードは上がっている…品質はどうする? スピードと品質を両立させるためのプロダクト開発の進め方とは #DevSumi #DevSumiB / Agile And Quality
nihonbuson
2
2.9k
2/18/25: Java meets AI: Build LLM-Powered Apps with LangChain4j
edeandrea
PRO
0
110

Featured

See All Featured
Six Lessons from altMBA
skipperchong
27
3.6k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.4k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.7k
RailsConf 2023
tenderlove
29
1k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
550
Product Roadmaps are Hard
iamctodd
PRO
50
11k
Building Your Own Lightsaber
phodgson
104
6.2k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Typedesign – Prime Four
hannesfritz
40
2.5k
Optimizing for Happiness
mojombo
376
70k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
The Cult of Friendly URLs
andyhume
78
6.2k

Transcript

  1. Heartbleed why you should care

  2. C J Silverio devops at npm @ceejbot

  3. what's heartbleed?

  4. security vulnerability disclosed April 7 2/3rds of all secure servers

  5. OpenSSL the secure 's' in https://

  6. heartbeat a pulse from a client to a server &

    back

  7. Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob

  8. Alice lies: “pong is 64K letters.”

  9. Bob trusts her. He sends Alice too much data.

  10. that data is the bleed in heartbleed

  11. what leaked?

  12. Everything. » your passwords » your cookies » server's passwords

    » server's identifying certificates

  13. Everything leaked. From 2/3rds of the servers on the internet.

  14. How long did this leak exist?

  15. Two years.

  16. Everything leaked from 2/3rds of the servers on the internet

    for two years.
  17. None

  18. How did this happen?

  19. Rogue agency: the NSA? incompetence?

  20. now what?

  21. change your passwords

  22. change your passwords for everything

  23. yes, everything

  24. Use a password manager 1Password https://getvau.lt

  25. Toss your cookies

  26. Turn on 2-factor auth

  27. Recap

  28. Heartbleed is as bad as it gets.

  29. change passwords delete cookies 2-factor auth

  30. donate to important open-source projects

  31. Buy your operations staff a drink

  32. change your passwords