Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
security vulnerability; disclosed April 7; 2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
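The Alice and Bob exchange above as a small C simulation, added here as an example; it is not code from the deck or from OpenSSL. The two-byte length prefix, buffer sizes, function names and sample secrets are all constructed for illustration, and the "memory" is one array so the over-read stays well defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for Bob's memory: the ping buffer sits directly
   before unrelated secrets, all inside one array. */
#define REQ_BUF 16
static uint8_t server_mem[64];

void server_reset(void) {
    memset(server_mem, 0, sizeof server_mem);
    memcpy(server_mem + REQ_BUF, "password=hunter2;cookie=abc123", 30);
}

/* Bob as shipped: echoes as many bytes as Alice claims she sent. */
size_t pong_trusting(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_cap) {
    if (msg_len < 2 || msg_len - 2 > REQ_BUF) return 0;
    size_t claimed = ((size_t)msg[0] << 8) | msg[1];
    memcpy(server_mem, msg + 2, msg_len - 2);      /* store what really arrived */
    if (claimed > sizeof server_mem || claimed > out_cap) return 0; /* demo-only bound */
    memcpy(out, server_mem, claimed);              /* BUG: length comes from Alice */
    return claimed;
}

/* Bob after the fix: a claim larger than what arrived is dropped silently. */
size_t pong_checked(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_cap) {
    if (msg_len < 2 || msg_len - 2 > REQ_BUF) return 0;
    size_t claimed = ((size_t)msg[0] << 8) | msg[1];
    if (claimed > msg_len - 2 || claimed > out_cap) return 0;
    memcpy(server_mem, msg + 2, msg_len - 2);
    memcpy(out, server_mem, claimed);
    return claimed;
}

/* Returns 1 if the pong to a lying ping contains bytes Alice never sent. */
int lie_leaks(size_t (*pong)(const uint8_t *, size_t, uint8_t *, size_t)) {
    /* Constructed ping: claims 40 bytes of payload but carries only "hi". */
    const uint8_t lie[] = {0x00, 40, 'h', 'i'};
    uint8_t reply[64] = {0};
    server_reset();
    size_t n = pong(lie, sizeof lie, reply, sizeof reply);
    return n > 2 && memcmp(reply + REQ_BUF, "password=", 9) == 0;
}

int main(void) {
    printf("trusting Bob leaks: %d\n", lie_leaks(pong_trusting));
    printf("checked Bob leaks:  %d\n", lie_leaks(pong_checked));
    return 0;
}
```

The only difference between the two handlers is the comparison of the claimed length against the number of bytes that actually arrived.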
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords, delete cookies, 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords