Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
C J Silverio
April 15, 2014
Technology
0
110
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
Tweet
Share
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
300
Keeping JavaScript safe
ceejbot
3
470
ceej's how to solve it
ceejbot
6
770
work-life balance at npm
ceejbot
5
790
hash functions and you!
ceejbot
2
360
The accidental noder
ceejbot
2
160
Design Patterns & Modularity in the npm Registry
ceejbot
3
200
Monitoring on a budget
ceejbot
2
300
Other Decks in Technology
See All in Technology
セキュリティについて学ぶ会 / 2026 01 25 Takamatsu WordPress Meetup
rocketmartue
1
310
こんなところでも(地味に)活躍するImage Modeさんを知ってるかい?- Image Mode for OpenShift -
tsukaman
0
150
日本の85%が使う公共SaaSは、どう育ったのか
taketakekaho
1
230
コミュニティが変えるキャリアの地平線:コロナ禍新卒入社のエンジニアがAWSコミュニティで見つけた成長の羅針盤
kentosuzuki
0
120
Sansan Engineering Unit 紹介資料
sansan33
PRO
1
3.9k
Introduction to Bill One Development Engineer
sansan33
PRO
0
360
M&A 後の統合をどう進めるか ─ ナレッジワーク × Poetics が実践した組織とシステムの融合
kworkdev
PRO
1
470
Cosmos World Foundation Model Platform for Physical AI
takmin
0
930
学生・新卒・ジュニアから目指すSRE
hiroyaonoe
2
630
CDK対応したAWS DevOps Agentを試そう_20260201
masakiokuda
1
330
Red Hat OpenStack Services on OpenShift
tamemiya
0
110
顧客との商談議事録をみんなで読んで顧客解像度を上げよう
shibayu36
0
260
Featured
See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.6k
Between Models and Reality
mayunak
1
190
Game over? The fight for quality and originality in the time of robots
wayneb77
1
120
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
220
Building Experiences: Design Systems, User Experience, and Full Site Editing
marktimemedia
0
410
First, design no harm
axbom
PRO
2
1.1k
How to Align SEO within the Product Triangle To Get Buy-In & Support - #RIMC
aleyda
1
1.4k
How to train your dragon (web standard)
notwaldorf
97
6.5k
New Earth Scene 8
popppiees
1
1.5k
Product Roadmaps are Hard
iamctodd
PRO
55
12k
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
66
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.3k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
rocketmartue
tsukaman
taketakekaho
kentosuzuki
sansan33
kworkdev
takmin
hiroyaonoe
masakiokuda
tamemiya
shibayu36
jcasabona
mayunak
wayneb77
inesmontani
marktimemedia
axbom
aleyda
notwaldorf
popppiees
iamctodd
techseoconnect
kevinliebholz
