Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
C J Silverio
April 15, 2014
Technology
0
110
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
Tweet
Share
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
290
Keeping JavaScript safe
ceejbot
3
460
ceej's how to solve it
ceejbot
6
760
work-life balance at npm
ceejbot
5
790
hash functions and you!
ceejbot
2
350
The accidental noder
ceejbot
2
160
Design Patterns & Modularity in the npm Registry
ceejbot
3
190
Monitoring on a budget
ceejbot
2
290
Other Decks in Technology
See All in Technology
コミュニティと共に変化する 私とFusicの8年間
ayasamind
0
480
旧から新へ: 大規模ウェブクローラの Perl から Go への移行 / YAPC::Fukuoka 2025
motemen
3
880
AIと共に開発する時代の組織、プロセス設計 freeeでの実践から見えてきたこと
freee
3
690
JJUG CCC 2025 Fall バッチ性能!!劇的ビフォーアフター
hayashiyuu1
1
280
CodexでもAgent Skillsを使いたい
gotalab555
9
4.6k
フライトコントローラPX4の中身(制御器)を覗いてみた
santana_hammer
1
140
バクラクの AI-BPO を支える AI エージェント 〜とそれを支える Bet AI Guild〜
tomoaki25
2
750
What's the recommended Flutter architecture
aakira
3
1.6k
Moto: Latent Motion Token as the Bridging Language for Learning Robot Manipulation from Videos
peisuke
0
140
それでは聞いてください「Impeller導入に失敗しました」 #FlutterKaigi #skia
tacck
PRO
0
110
ググるより、AIに聞こう - Don’t Google it, ask AI
oikon48
0
880
Flutterで実装する実践的な攻撃対策とセキュリティ向上
fujikinaga
2
410
Featured
See All Featured
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
10
660
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
9
970
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
508
140k
How GitHub (no longer) Works
holman
315
140k
Music & Morning Musume
bryan
46
6.9k
Fireside Chat
paigeccino
41
3.7k
Why You Should Never Use an ORM
jnunemaker
PRO
60
9.6k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
37
2.6k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.7k
Building Applications with DynamoDB
mza
96
6.8k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
46
7.8k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
ceejbot
ayasamind
motemen
freee
hayashiyuu1
gotalab555
.jpg){kind=avatar}
santana_hammer
tomoaki25
aakira
peisuke
tacck
oikon48
fujikinaga
tammyeverts
malarkey
addyosmani
chriscoyier
holman
bryan
paigeccino
jnunemaker
eileencodes
reverentgeek
mza
