Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
security vulnerability disclosed April 7
2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
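The ping/pong exchange above as an added C example (not from the original slides): it shows how far a trusting Bob would read past what Alice actually sent, and the length check that makes him drop the lie instead. The message layout, sample pings and function names are constructed for illustration and are not OpenSSL's code or the TLS wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy heartbeat message, constructed for this example (not the TLS wire format):
 *   byte 0     type: 1 = ping, 2 = pong
 *   bytes 1-2  payload length CLAIMED by the sender, big-endian
 *   bytes 3..  payload */
enum { HB_PING = 1, HB_PONG = 2, HB_HEADER = 3 };

/* Constructed samples: an honest ping, and one claiming 65535 bytes but carrying 4. */
const uint8_t HONEST_PING[] = { HB_PING, 0x00, 0x04, 'p', 'i', 'n', 'g' };
const uint8_t LYING_PING[]  = { HB_PING, 0xFF, 0xFF, 'p', 'i', 'n', 'g' };

static size_t hb_claimed_len(const uint8_t *msg) {
    return ((size_t)msg[1] << 8) | msg[2];
}

/* Bytes of his own memory a trusting Bob would send back after the real payload.
 * Arithmetic only: this never performs the out-of-bounds read. */
size_t hb_overread_if_trusted(const uint8_t *msg, size_t msg_len) {
    if (msg_len < HB_HEADER) return 0;
    size_t actual = msg_len - HB_HEADER;
    size_t claimed = hb_claimed_len(msg);
    return claimed > actual ? claimed - actual : 0;
}

/* Careful Bob: build the pong only if the claim fits what actually arrived.
 * Returns bytes written to out, or 0 when the ping is silently dropped. */
size_t hb_pong_checked(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_cap) {
    if (msg_len < HB_HEADER || msg[0] != HB_PING) return 0;
    size_t claimed = hb_claimed_len(msg);
    if (claimed > msg_len - HB_HEADER) return 0;  /* Alice lied: drop it */
    if (out_cap < HB_HEADER + claimed) return 0;  /* reply would not fit */
    out[0] = HB_PONG;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER, msg + HB_HEADER, claimed);
    return HB_HEADER + claimed;
}

int main(void) {
    uint8_t out[64];
    printf("honest ping: %zu-byte pong\n", hb_pong_checked(HONEST_PING, sizeof HONEST_PING, out, sizeof out));
    printf("lying ping:  %zu-byte pong, %zu bytes kept from leaking\n",
           hb_pong_checked(LYING_PING, sizeof LYING_PING, out, sizeof out),
           hb_overread_if_trusted(LYING_PING, sizeof LYING_PING));
    return 0;
}
```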
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
» change passwords
» delete cookies
» 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords