Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
C J Silverio
April 15, 2014
Technology
130
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
310
Keeping JavaScript safe
ceejbot
3
490
ceej's how to solve it
ceejbot
6
780
work-life balance at npm
ceejbot
5
810
hash functions and you!
ceejbot
2
380
The accidental noder
ceejbot
2
180
Design Patterns & Modularity in the npm Registry
ceejbot
3
210
Monitoring on a budget
ceejbot
2
310
Other Decks in Technology
See All in Technology
最適な自走を最小限の支援で — M&Aで拡大する組織で少人数SREが挑んだ1年 / SRE NEXT 2026
genda
0
1.1k
インフラ寄りSREでも 開発に踏み出せる〜境界を越えてユーザー体験に向き合いたい〜
sansantech
PRO
2
3.8k
知らん間に、回ってる
ming_ayami
0
570
誤解だらけの開発生産性 / Myths and Misconceptions about Developer Productivity
i35_267
1
250
AI Agent SaaS を支える自社仮想化基盤への挑戦と実運用 / ai-agent-saas-virtualization
flatt_security
2
3.9k
公式ドキュメントの歩き方etc
coco_se
0
100
AICoEでAIネイティブ組織への進化
yukiogawa
0
170
ソニー銀行におけるビジネスアジリティ向上のためのクラウドシフト戦略
srenext
0
210
Databricks 生成AIガバナンス実践ワークショップ / LLMOps-workshop
databricksjapan
0
100
Devsumi 2026 Summer 人もAIも使える共通基盤を事業の加速装置にする~デザインシステム運用に学ぶ組織レバレッジ~ 渡辺 凌央
legalontechnologies
PRO
0
120
AI時代のエンジニアキャリアについて今一度考える
sakamoto_582
2
1.5k
事業価値を⽣み出すSREへ SREが担うべき意思決定の5層
kenta_hi
2
3.6k
Featured
See All Featured
VelocityConf: Rendering Performance Case Studies
addyosmani
333
25k
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2.4k
Digital Ethics as a Driver of Design Innovation
axbom
PRO
1
340
How to Align SEO within the Product Triangle To Get Buy-In & Support - #RIMC
aleyda
2
1.6k
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.3k
Heart Work Chapter 1 - Part 1
lfama
PRO
8
36k
Building the Perfect Custom Keyboard
takai
2
810
Unsuck your backbone
ammeep
672
58k
<Decoding/> the Language of Devs - We Love SEO 2024
nikkihalliwell
1
270
How STYLIGHT went responsive
nonsquared
100
6.2k
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
290
State of Search Keynote: SEO is Dead Long Live SEO
ryanjones
0
220
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords