Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
security vulnerability disclosed April 7
2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
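An added example, not part of the original deck: a small C model of Bob trusting Alice's stated length, next to a Bob who checks it. The memory arena, the sample secret and every function name here are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE  32  /* constructed stand-in for Bob's memory */
#define PAYLOAD_MAX 8   /* room set aside for the incoming ping */

static uint8_t arena[ARENA_SIZE];
static const char SECRET[] = "hunter2-session-cookie"; /* constructed sample */

/* Store what Alice really sent; unrelated private data sits right after it. */
size_t receive(const char *payload, size_t actual_len) {
    if (actual_len > PAYLOAD_MAX) actual_len = PAYLOAD_MAX;
    memset(arena, 0, sizeof arena);
    memcpy(arena, payload, actual_len);
    memcpy(arena + PAYLOAD_MAX, SECRET, sizeof SECRET - 1);
    return actual_len;
}

/* Bob before the fix: echoes as many bytes as Alice claims she sent. */
size_t pong_trusting(uint16_t claimed_len, uint8_t *reply, size_t cap) {
    size_t n = claimed_len;
    if (n > ARENA_SIZE) n = ARENA_SIZE; /* keep the demo inside its own arena */
    if (n > cap) n = cap;
    memcpy(reply, arena, n);
    return n;
}

/* Bob after the fix: a claim longer than what arrived gets no reply at all. */
size_t pong_checked(uint16_t claimed_len, size_t actual_len,
                    uint8_t *reply, size_t cap) {
    if (claimed_len > actual_len || claimed_len > cap) return 0;
    memcpy(reply, arena, claimed_len);
    return claimed_len;
}

/* Bytes in a reply that Alice never sent, i.e. the bleed. */
size_t leaked(size_t reply_len, size_t actual_len) {
    return reply_len > actual_len ? reply_len - actual_len : 0;
}

int main(void) {
    uint8_t reply[ARENA_SIZE];
    size_t got = receive("ping", 4);
    size_t n = pong_trusting(30, reply, sizeof reply);
    printf("trusting Bob: %zu bytes sent, %zu leaked\n", n, leaked(n, got));
    printf("checked Bob:  %zu bytes sent\n",
           pong_checked(30, got, reply, sizeof reply));
    return 0;
}
```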
what leaked?
Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet
for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords, delete cookies, 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords