Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
C J Silverio
April 15, 2014
Technology
110
0
Share
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
310
Keeping JavaScript safe
ceejbot
3
480
ceej's how to solve it
ceejbot
6
780
work-life balance at npm
ceejbot
5
800
hash functions and you!
ceejbot
2
370
The accidental noder
ceejbot
2
170
Design Patterns & Modularity in the npm Registry
ceejbot
3
200
Monitoring on a budget
ceejbot
2
300
Other Decks in Technology
See All in Technology
Zephyr(RTOS)でARMとRISC-Vのコア間通信をしてみた
iotengineer22
0
120
MIX AUDIO EN BROADCAST
ralpherick
0
140
AIエージェント時代に必要な オペレーションマネージャーのロールとは
kentarofujii
0
260
Oracle Cloud Infrastructure(OCI):Onboarding Session(はじめてのOCI/Oracle Supportご利⽤ガイド)
oracle4engineer
PRO
2
17k
AIエージェント勉強会第3回 エージェンティックAIの時代がやってきた
ymiya55
0
180
GitHub Advanced Security × Defender for Cloudで開発とSecOpsのサイロを超える: コードとクラウドをつなぐ、開発プラットフォームのセキュリティ
yuriemori
1
120
AI時代のシステム開発者の仕事_20260328
sengtor
0
320
VSCode中心だった自分がターミナル沼に入門した話
sanogemaru
0
890
私がよく使うMCPサーバー3選と社内で安全に活用する方法
kintotechdev
0
150
Zephyr(RTOS)でOpenPLCを実装してみた
iotengineer22
0
180
Microsoft Fabricで考える非構造データのAI活用
ryomaru0825
0
590
LLMに何を任せ、何を任せないか
cap120
11
6.8k
Featured
See All Featured
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
uxyall
0
240
jQuery: Nuts, Bolts and Bling
dougneiner
66
8.4k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Unlocking the hidden potential of vector embeddings in international SEO
frankvandijk
0
230
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
287
14k
svc-hook: hooking system calls on ARM64 by binary rewriting
retrage
2
190
[SF Ruby Conf 2025] Rails X
palkan
2
880
Leo the Paperboy
mayatellez
5
1.6k
BBQ
matthewcrist
89
10k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
64
54k
For a Future-Friendly Web
brad_frost
183
10k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
iotengineer22
ralpherick
kentarofujii
oracle4engineer
ymiya55
yuriemori
sengtor
sanogemaru
kintotechdev
ryomaru0825
cap120
uxyall
dougneiner
chriscoyier
frankvandijk
stephaniewalter
retrage
palkan
mayatellez
matthewcrist
marcelosomers
nwiizo
brad_frost
