Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
» security vulnerability
» disclosed April 7
» 2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
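The ping/pong exchange above as a simplified C model, added here as an example and not taken from the deck or from OpenSSL. The names `bob_memory`, `pong_trusting` and `pong_checked` and the sample strings are constructed for illustration; the trusting reply echoes the length Alice claims, the checked reply compares the claim with what actually arrived.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 64

/* Constructed stand-in for Bob's memory: Alice's ping is stored at offset 0
   and data belonging to someone else sits directly after it. */
static uint8_t bob_memory[MEM_SIZE];

static void bob_receive(const char *ping, const char *neighbour)
{
    memset(bob_memory, 0, MEM_SIZE);
    snprintf((char *)bob_memory, MEM_SIZE, "%s%s", ping, neighbour);
}

/* Bob trusts Alice: he echoes as many bytes as she CLAIMS she sent. */
static size_t pong_trusting(size_t claimed_len, uint8_t *out)
{
    if (claimed_len > MEM_SIZE)
        claimed_len = MEM_SIZE;          /* keeps this demo inside its array */
    memcpy(out, bob_memory, claimed_len);
    return claimed_len;
}

/* Bob checks: a claim longer than what actually arrived gets no reply. */
static size_t pong_checked(size_t claimed_len, size_t actual_len, uint8_t *out)
{
    if (claimed_len > actual_len || actual_len > MEM_SIZE)
        return 0;
    memcpy(out, bob_memory, claimed_len);
    return claimed_len;
}

/* Returns 1 if the reply bytes contain the given text. */
static int reply_contains(const uint8_t *reply, size_t n, const char *text)
{
    size_t t = strlen(text);
    for (size_t i = 0; t <= n && i + t <= n; i++)
        if (memcmp(reply + i, text, t) == 0)
            return 1;
    return 0;
}

int main(void)
{
    uint8_t reply[MEM_SIZE];
    bob_receive("bird", "password=constructed-example");
    size_t n = pong_trusting(40, reply);   /* Alice sent 4 bytes, claims 40 */
    printf("trusting: %zu bytes, leak=%d\n", n, reply_contains(reply, n, "password="));
    n = pong_checked(40, 4, reply);
    printf("checked:  %zu bytes, leak=%d\n", n, reply_contains(reply, n, "password="));
    return 0;
}
```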
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager
» 1Password
» https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
» change passwords
» delete cookies
» 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords