Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
C J Silverio
April 15, 2014
Technology
0
110
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
Tweet
Share
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
300
Keeping JavaScript safe
ceejbot
3
470
ceej's how to solve it
ceejbot
6
770
work-life balance at npm
ceejbot
5
790
hash functions and you!
ceejbot
2
360
The accidental noder
ceejbot
2
160
Design Patterns & Modularity in the npm Registry
ceejbot
3
200
Monitoring on a budget
ceejbot
2
300
Other Decks in Technology
See All in Technology
Databricks Free Edition講座 データサイエンス編
taka_aki
0
270
CDK対応したAWS DevOps Agentを試そう_20260201
masakiokuda
1
100
コスト削減から「セキュリティと利便性」を担うプラットフォームへ
sansantech
PRO
1
640
【NGK2026S】日本株のシステムトレードに入門してみた
kazuhitotakahashi
0
270
今日から始める Amazon Bedrock AgentCore
har1101
4
300
IaaS/SaaS管理における SREの実践 - SRE Kaigi 2026
bbqallstars
3
1.1k
We Built for Predictability; The Workloads Didn’t Care
stahnma
0
110
re:Inventで出たインフラエンジニアが嬉しかったアップデート
nagisa53
4
230
DatabricksホストモデルでAIコーディング環境を構築する
databricksjapan
0
220
変化するコーディングエージェントとの現実的な付き合い方 〜Cursor安定択説と、ツールに依存しない「資産」〜
empitsu
4
1k
SREが向き合う大規模リアーキテクチャ 〜信頼性とアジリティの両立〜
zepprix
0
300
【インシデント入門】サイバー攻撃を受けた現場って何してるの?
shumei_ito
0
1.3k
Featured
See All Featured
Practical Orchestrator
shlominoach
191
11k
Designing Powerful Visuals for Engaging Learning
tmiket
0
210
Lightning Talk: Beautiful Slides for Beginners
inesmontani
PRO
1
430
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.4k
Building Applications with DynamoDB
mza
96
6.9k
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
davidcarrasco
1
46
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
53
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
130
Ruling the World: When Life Gets Gamed
codingconduct
0
130
What's in a price? How to price your products and services
michaelherold
247
13k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
659
61k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
taka_aki
masakiokuda
sansantech
kazuhitotakahashi
har1101
bbqallstars
stahnma
nagisa53
databricksjapan
empitsu
zepprix
shumei_ito
shlominoach
tmiket
inesmontani
marcduiker
mza
davidcarrasco
ryanjones
techseoconnect
codingconduct
michaelherold
chriscoyier
lemiorhan
