Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Heartbleed: why you should care

C J Silverio
April 15, 2014
Technology
0
99

Heartbleed: why you should care

A discussion of the Heartbleed bug for a non-programming but computer-using audience.

C J Silverio

April 15, 2014
Tweet

More Decks by C J Silverio

See All by C J Silverio
The economics of package management
ceejbot
4
1.5k
The future of (javascript) modules (in node)
ceejbot
1
280
Keeping JavaScript safe
ceejbot
3
420
ceej's how to solve it
ceejbot
6
760
work-life balance at npm
ceejbot
5
780
hash functions and you!
ceejbot
2
350
The accidental noder
ceejbot
2
140
Design Patterns & Modularity in the npm Registry
ceejbot
3
180
Monitoring on a budget
ceejbot
2
280

Other Decks in Technology

See All in Technology
Apache Iceberg Case Study in LY Corporation
lycorptech_jp
PRO
0
340
LINEギフトにおけるバックエンド開発
lycorptech_jp
PRO
0
350
Snowflake ML モデルを dbt データパイプラインに組み込む​
estie
0
110
"TEAM"を導入したら最高のエンジニア"Team"を実現できた / Deploying "TEAM" and Building the Best Engineering "Team"
yuj1osm
1
210
開発組織を進化させる!AWSで実践するチームトポロジー
iwamot
2
450
システム・ML活用を広げるdbtのデータモデリング / Expanding System & ML Use with dbt Modeling
i125
1
340
ABWG2024採択者が語るエンジニアとしての自分自身の見つけ方〜発信して、つながって、世界を広げていく〜
maimyyym
1
190
いまからでも遅くない!コンテナでWebアプリを動かしてみよう!コンテナハンズオン編
nomu
0
170
IAMのマニアックな話2025
nrinetcom
PRO
6
1.2k
生成AI “再”入門 2025年春@WIRED TUESDAY EDITOR'S LOUNGE
kajikent
0
140
ウォンテッドリーのデータパイプラインを支える ETL のための analytics, rds-exporter / analytics, rds-exporter for ETL to support Wantedly's data pipeline
unblee
0
130
データエンジニアリング領域におけるDuckDBのユースケース
chanyou0311
9
2.3k

Featured

See All Featured
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
7.1k
Fireside Chat
paigeccino
34
3.2k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
How to Think Like a Performance Engineer
csswizardry
22
1.4k
Rebuilding a faster, lazier Slack
samanthasiow
80
8.9k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.2k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Statistics for Hackers
jakevdp
797
220k
Bash Introduction
62gerente
611
210k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
1k

Transcript

  1. Heartbleed why you should care

  2. C J Silverio devops at npm @ceejbot

  3. what's heartbleed?

  4. security vulnerability disclosed April 7 2/3rds of all secure servers

  5. OpenSSL the secure 's' in https://

  6. heartbeat a pulse from a client to a server &

    back

  7. Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob

  8. Alice lies: “pong is 64K letters.”

  9. Bob trusts her. He sends Alice too much data.

  10. that data is the bleed in heartbleed

  11. what leaked?

  12. Everything. » your passwords » your cookies » server's passwords

    » server's identifying certificates

  13. Everything leaked. From 2/3rds of the servers on the internet.

  14. How long did this leak exist?

  15. Two years.

  16. Everything leaked from 2/3rds of the servers on the internet

    for two years.
  17. None

  18. How did this happen?

  19. Rogue agency: the NSA? incompetence?

  20. now what?

  21. change your passwords

  22. change your passwords for everything

  23. yes, everything

  24. Use a password manager 1Password https://getvau.lt

  25. Toss your cookies

  26. Turn on 2-factor auth

  27. Recap

  28. Heartbleed is as bad as it gets.

  29. change passwords delete cookies 2-factor auth

  30. donate to important open-source projects

  31. Buy your operations staff a drink

  32. change your passwords