Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
C J Silverio
April 15, 2014
Technology
120
0
Share
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
310
Keeping JavaScript safe
ceejbot
3
480
ceej's how to solve it
ceejbot
6
780
work-life balance at npm
ceejbot
5
800
hash functions and you!
ceejbot
2
370
The accidental noder
ceejbot
2
170
Design Patterns & Modularity in the npm Registry
ceejbot
3
200
Monitoring on a budget
ceejbot
2
300
Other Decks in Technology
See All in Technology
Vision Banana: Image Generators are Generalist Vision Learners
kzykmyzw
0
350
ボトムアップの改善の火を灯し続けろ!〜支援現場で学んだ、消えないための3つの打ち手〜 / 20260509 Kazuki Mori
shift_evolve
PRO
2
640
Every Conversation Counts
kawaguti
PRO
0
210
Shiny New Tools Won't Fix Your Problem
trishagee
1
120
QAエンジニアはどうやって プロダクト議論の場に入れるのか?
moritamasami
2
410
「QA=テスト」「シフトレフト=スクラムイベントの参加者の一員」の呪縛を解く。アジャイルな開発を止めないために、10Xで挑んだ「右側のしわ寄せ」解消記 #scrumniigata
nihonbuson
PRO
5
1k
Forget technical debt
ufried
0
180
知ってた?JavaScriptの"正しさ"を検証するテストが5万以上もあること(Test262)
riyaamemiya
1
190
ハーネスエンジニアリング入門
hatyibei
0
120
ボトムアップ限界を越える - 20チームを束る "Drive Map" / Beyond Bottom-Up: A 'Drive Map' for 20 Teams
kaonavi
0
180
2026-05-14 要件定義からソース管理まで!IBM Bob基礎ハンズオン
yutanonaka
0
140
「強制アップデート」か「チームの自律」か?エンタープライズが辿り着いたプラットフォームのハイブリッド運用/cloudnative-kaigi-hybrid-platform-operations
mhrtech
0
180
Featured
See All Featured
Speed Design
sergeychernyshev
33
1.6k
It's Worth the Effort
3n
188
29k
Producing Creativity
orderedlist
PRO
348
40k
[RailsConf 2023] Rails as a piece of cake
palkan
59
6.6k
Agile Actions for Facilitating Distributed Teams - ADO2019
mkilby
0
180
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.8k
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
1
250
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
aleyda
1
2k
Code Reviewing Like a Champion
maltzj
528
40k
How to Talk to Developers About Accessibility
jct
2
190
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
inesmontani
PRO
3
3.4k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
10
1.2k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
kzykmyzw
shift_evolve
kawaguti
trishagee
moritamasami
nihonbuson
ufried
riyaamemiya
hatyibei
kaonavi
yutanonaka
mhrtech
sergeychernyshev
3n
orderedlist
palkan
mkilby
marktimemedia
minecr
aleyda
maltzj
jct
inesmontani
addyosmani
