Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed: why you should care
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
C J Silverio
April 15, 2014
Technology
0
110
Heartbleed: why you should care
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
C J Silverio
April 15, 2014
Tweet
Share
More Decks by C J Silverio
See All by C J Silverio
The economics of package management
ceejbot
4
1.6k
The future of (javascript) modules (in node)
ceejbot
1
310
Keeping JavaScript safe
ceejbot
3
480
ceej's how to solve it
ceejbot
6
770
work-life balance at npm
ceejbot
5
790
hash functions and you!
ceejbot
2
370
The accidental noder
ceejbot
2
170
Design Patterns & Modularity in the npm Registry
ceejbot
3
200
Monitoring on a budget
ceejbot
2
300
Other Decks in Technology
See All in Technology
製造業ドメインにおける LLMプロダクト構築: 複雑な文脈へのアプローチ
caddi_eng
1
560
楽しく学ぼう!ネットワーク入門
shotashiratori
4
3.1k
親子 or ペアで Mashup for the Future! しゃべって楽しむ 初手AI駆動でものづくり体験
hiroramos4
PRO
0
110
AI時代のSaaSとETL
shoe116
1
120
類似画像検索モデルの開発ノウハウ
lycorptech_jp
PRO
5
1.1k
IBM Bobを使って、PostgreSQLのToDoアプリをDb2へ変換してみよう/202603_Dojo_Bob
mayumihirano
1
320
新職業『オーケストレーター』誕生 — エージェント10体を同時に回すAgentOps
gunta
4
1.8k
Dr. Werner Vogelsの14年のキーノートから紐解くエンジニアリング組織への処方箋@JAWS DAYS 2026
p0n
1
130
Claude Code のコード品質がばらつくので AI に品質保証させる仕組みを作った話 / A story about building a mechanism to have AI ensure quality, because the code quality from Claude Code was inconsistent
nrslib
13
7k
OpenClawで回す組織運営
jacopen
3
690
S3はフラットである –AWS公式SDKにも存在した、 署名付きURLにおけるパストラバーサル脆弱性– / JAWS DAYS 2026
flatt_security
0
1.7k
When an innocent-looking ListOffsets Call Took Down Our Kafka Cluster
lycorptech_jp
PRO
0
120
Featured
See All Featured
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
760
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
140
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
130
Scaling GitHub
holman
464
140k
Typedesign – Prime Four
hannesfritz
42
3k
What's in a price? How to price your products and services
michaelherold
247
13k
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.2k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
141
35k
The Art of Programming - Codeland 2020
erikaheidi
57
14k
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
0
450
The Language of Interfaces
destraynor
162
26k
Building Applications with DynamoDB
mza
96
7k
Transcript
Heartbleed why you should care
C J Silverio devops at npm @ceejbot
what's heartbleed?
security vulnerability disclosed April 7 2/3rds of all secure servers
OpenSSL the secure 's' in https://
heartbeat a pulse from a client to a server &
back
Alice ⇢ ping ⇢ Bob Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
what leaked?
Everything. » your passwords » your cookies » server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
None
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager 1Password https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords delete cookies 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords
SiteGround - Reliable hosting with speed, security, and support you can count on.
ceejbot
caddi_eng
shotashiratori
hiroramos4
shoe116
lycorptech_jp
mayumihirano
gunta
p0n
nrslib
jacopen
flatt_security
aleyda
katarinadahlin
tmiket
holman
hannesfritz
michaelherold
ivargrimstad
eileencodes
erikaheidi
honzajavorek
destraynor
mza
