Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
C J Silverio
April 15, 2014
Technology
0
100
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
Tweet
Share
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.5k
The future of (javascript) modules (in node)
ceejbot
1
290
Keeping JavaScript safe
ceejbot
3
440
ceej's how to solve it
ceejbot
6
760
work-life balance at npm
ceejbot
5
790
hash functions and you!
ceejbot
2
350
The accidental noder
ceejbot
2
150
Design Patterns & Modularity in the npm Registry
ceejbot
3
190
Monitoring on a budget
ceejbot
2
290
Other Decks in Technology
See All in Technology
本当に使える?AutoUpgrade の新機能を実践検証してみた
oracle4engineer
PRO
1
120
比起獨自升級 我更喜歡 DevOps 文化 <3
line_developers_tw
PRO
0
1.1k
Observability infrastructure behind the trillion-messages scale Kafka platform
lycorptech_jp
PRO
0
130
菸酒生在 LINE Taiwan 的後端雙刀流
line_developers_tw
PRO
0
1.1k
TerraformをSaaSで使うとAzureの運用がこんなに楽ちん!HCP Terraformって何?
mnakabayashi
0
300
Абьюзим random_bytes(). Фёдор Кулаков, разработчик Lamoda Tech
lamodatech
0
250
実践! AIエージェント導入記
1mono2prod
0
130
本部長の代わりに提案書レビュー! KDDI営業が毎日使うAIエージェント「A-BOSS」開発秘話
minorun365
PRO
14
2.3k
In Praise of "Normal" Engineers (LDX3)
charity
2
1.2k
TechLION vol.41~MySQLユーザ会のほうから来ました / techlion41_mysql
sakaik
0
140
A2Aのクライアントを自作する
rynsuke
1
140
BigQuery Remote FunctionでLooker Studioをインタラクティブ化
cuebic9bic
2
210
Featured
See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
48
2.8k
Rails Girls Zürich Keynote
gr2m
94
14k
Designing Experiences People Love
moore
142
24k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
The World Runs on Bad Software
bkeepers
PRO
68
11k
Producing Creativity
orderedlist
PRO
346
40k
Art, The Web, and Tiny UX
lynnandtonic
299
21k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
KATA
mclloyd
29
14k
How GitHub (no longer) Works
holman
314
140k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
oracle4engineer
line_developers_tw
lycorptech_jp
mnakabayashi
lamodatech
1mono2prod
minorun365
charity
sakaik
rynsuke
cuebic9bic
dougneiner
tammyeverts
gr2m
moore
afnizarnur
bkeepers
orderedlist
lynnandtonic
bluesmoon
mclloyd
holman
pedronauck
