Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability
disclosed April 7
2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
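The ping/pong exchange above as a small C simulation, added here as an illustration; it is not code from the deck or from OpenSSL. The names `server_mem`, `receive_ping`, `pong_trusting` and `pong_checked`, and the sample payload and secret, are constructed for the example, and the "memory" is a single fixed array so the over-read stays inside the demo.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: ping payload next to secrets. */
#define MEM_SIZE 64
static char server_mem[MEM_SIZE];

/* Bob receives Alice's ping; returns how many bytes she really sent. */
size_t receive_ping(const char *payload, const char *secret) {
    size_t n = strlen(payload);
    if (n > MEM_SIZE / 2) n = MEM_SIZE / 2;      /* keep room for the secret */
    memset(server_mem, 0, MEM_SIZE);
    memcpy(server_mem, payload, n);
    strncpy(server_mem + n, secret, MEM_SIZE - n - 1);
    return n;
}

/* Copy `len` bytes of server memory into `out` as a C string. */
static size_t send_pong(size_t len, char *out, size_t out_size) {
    if (out_size == 0) return 0;
    if (len > MEM_SIZE) len = MEM_SIZE;          /* demo never leaves the array */
    if (len >= out_size) len = out_size - 1;
    memcpy(out, server_mem, len);
    out[len] = '\0';
    return len;
}

/* Bob as on the slides: he trusts the length Alice claims. */
size_t pong_trusting(size_t claimed, char *out, size_t out_size) {
    return send_pong(claimed, out, out_size);
}

/* Bob with a length check: a claim larger than what arrived gets no reply. */
size_t pong_checked(size_t claimed, size_t actual, char *out, size_t out_size) {
    if (claimed > actual) {                      /* Alice lied about the size */
        if (out_size > 0) out[0] = '\0';
        return 0;
    }
    return send_pong(claimed, out, out_size);
}

int main(void) {
    char out[MEM_SIZE + 1];
    size_t got = receive_ping("bird", "password=hunter2");  /* constructed input */
    pong_trusting(20, out, sizeof out);
    printf("trusting Bob replies: %s\n", out);
    pong_checked(20, got, out, sizeof out);
    printf("checking Bob replies: '%s'\n", out);
}
```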
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
» change passwords
» delete cookies
» 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords