Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
C J Silverio
April 15, 2014
Technology
0
110
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
Tweet
Share
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
290
Keeping JavaScript safe
ceejbot
3
460
ceej's how to solve it
ceejbot
6
770
work-life balance at npm
ceejbot
5
790
hash functions and you!
ceejbot
2
360
The accidental noder
ceejbot
2
160
Design Patterns & Modularity in the npm Registry
ceejbot
3
190
Monitoring on a budget
ceejbot
2
290
Other Decks in Technology
See All in Technology
日本Rubyの会の構造と実行とあと何か / hokurikurk01
takahashim
4
800
Oracle Cloud Infrastructure:2025年11月度サービス・アップデート
oracle4engineer
PRO
2
170
形式手法特論:CEGAR を用いたモデル検査の状態空間削減 #kernelvm / Kernel VM Study Hokuriku Part 8
ytaka23
2
400
freeeにおけるファンクションを超えた一気通貫でのAI活用
jaxx2104
3
1.4k
AWS Bedrock AgentCoreで作る 1on1支援AIエージェント 〜Memory × Evaluationsによる実践開発〜
yusukeshimizu
4
270
Bakuraku Engineering Team Deck
layerx
PRO
12
6.6k
Ryzen NPUにおけるAI Engineプログラミング
anjn
0
240
Microsoft Agent 365 を 30 分でなんとなく理解する
skmkzyk
1
480
なぜ使われないのか?──定量×定性で見極める本当のボトルネック
kakehashi
PRO
1
1.1k
バグハンター視点によるサプライチェーンの脆弱性
scgajge12
2
630
乗りこなせAI駆動開発の波
eltociear
1
590
AI活用によるPRレビュー改善の歩み ― 社内全体に広がる学びと実践
lycorptech_jp
PRO
1
150
Featured
See All Featured
Speed Design
sergeychernyshev
33
1.4k
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.3k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
31
2.7k
Designing for humans not robots
tammielis
254
26k
YesSQL, Process and Tooling at Scale
rocio
174
15k
Reflections from 52 weeks, 52 projects
jeffersonlam
355
21k
Raft: Consensus for Rubyists
vanstee
141
7.2k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.8k
Mobile First: as difficult as doing things right
swwweet
225
10k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
Rebuilding a faster, lazier Slack
samanthasiow
84
9.3k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
takahashim
oracle4engineer
ytaka23
jaxx2104
yusukeshimizu
layerx
anjn
skmkzyk
kakehashi
scgajge12
eltociear
lycorptech_jp
sergeychernyshev
denniskardys
tammyeverts
bluesmoon
tammielis
rocio
jeffersonlam
vanstee
mongodb
swwweet
wjessup
samanthasiow
