Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
C J Silverio
April 15, 2014
Technology
120
0
Share
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
310
Keeping JavaScript safe
ceejbot
3
490
ceej's how to solve it
ceejbot
6
780
work-life balance at npm
ceejbot
5
800
hash functions and you!
ceejbot
2
380
The accidental noder
ceejbot
2
180
Design Patterns & Modularity in the npm Registry
ceejbot
3
210
Monitoring on a budget
ceejbot
2
310
Other Decks in Technology
See All in Technology
AI-DLCを活用した高品質・安全なAI駆動開発実践 / AI Driven Development
yoshidashingo
1
270
AI時代の私の技術インプットとアウトプット術
tonkotsuboy_com
15
8k
Datadog 認定試験の概要と対策
uechishingo
0
210
Claude code Orchestra
ozakiomumkj
3
780
脅威をエンジニアリングの糧にして:恐怖を乗り越えた先にあったもの / Turn threats into fuel for engineering: what lay beyond overcoming fear
nrslib
1
360
JJUG CCC 2026 Spring AI時代の開発こそ標準化を武器に! ― 方式・プロセス・プラットフォームの標準化
s27watanabe
2
640
最低限これだけ押さえれ大丈夫_Claude Enterprise/Team企業展開ガバナンス入門
tkikuchi
1
570
なぜハノーバーメッセに行くべきなのか 〜初参加だから語れること〜
tanakaseiya
0
190
Javaで学ぶSOLID原則
negima
1
240
Generative UI × A2UI で AI エージェントを作った話 AI-DLC も使ってみた!
kmiya84377
1
290
PHP と TypeScript の型システム比較:AI 時代の「型」は誰のためにあるのか? #frontend_phpcon_do / frontend_phpcon_do_2026
shogogg
1
190
Fabric-cicd によるAzure DevOps デプロイ
ryomaru0825
0
170
Featured
See All Featured
世界の人気アプリ100個を分析して見えたペイウォール設計の心得
akihiro_kokubo
PRO
70
39k
The browser strikes back
jonoalderson
0
1.1k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
baasie
0
570
The Limits of Empathy - UXLibs8
cassininazir
1
340
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
szymonslowik
1
1.1k
Building AI with AI
inesmontani
PRO
1
1k
How to Ace a Technical Interview
jacobian
281
24k
Facilitating Awesome Meetings
lara
57
6.9k
Impact Scores and Hybrid Strategies: The future of link building
tamaranovitovic
0
300
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
180
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.8k
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.3k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
yoshidashingo
tonkotsuboy_com
uechishingo
ozakiomumkj
nrslib
s27watanabe
tkikuchi
tanakaseiya
negima
kmiya84377
shogogg
ryomaru0825
akihiro_kokubo
jonoalderson
baasie
cassininazir
szymonslowik
inesmontani
jacobian
lara
tamaranovitovic
tmiket
marktimemedia
ivargrimstad
