Heartbleed: why you should care
C J Silverio
April 15, 2014
A discussion of the Heartbleed bug for a non-programming but computer-using audience.
Transcript
Heartbleed: why you should care
C J Silverio, devops at npm, @ceejbot
what's heartbleed?
security vulnerability, disclosed April 7, 2/3rds of all secure servers
OpenSSL: the secure 's' in https://
heartbeat: a pulse from a client to a server & back
Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob
Alice lies: “pong is 64K letters.”
Bob trusts her. He sends Alice too much data.
that data is the bleed in heartbleed
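
The lie-and-trust exchange above as a toy model in C, added here as an illustration and not taken from the talk or from OpenSSL. The message layout, function names and sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy heartbeat message (an assumption for this example, not OpenSSL's code):
   1 type byte, 2-byte big-endian claimed payload length, then the payload. */
#define HB_HEADER 3

/* Constructed sample of Bob's memory: Alice's 7-byte request, which claims
   20 payload bytes but carries only "ping", followed by unrelated data. */
static const uint8_t bob_memory[] = "\x01\x00\x14" "ping" "password=hunter2";
#define REQ_LEN 7

static size_t claimed_len(const uint8_t *req) {
    return ((size_t)req[1] << 8) | req[2];
}

/* Bob trusts Alice: echoes as many bytes as she claims to have sent. */
size_t pong_trusting(const uint8_t *req, size_t req_len, uint8_t *out, size_t cap) {
    (void)req_len;                 /* the bug: the real size is never consulted */
    size_t n = claimed_len(req);
    if (n > cap) n = cap;
    memcpy(out, req + HB_HEADER, n);
    return n;
}

/* Bob checks: a claim larger than what actually arrived gets no reply. */
size_t pong_checked(const uint8_t *req, size_t req_len, uint8_t *out, size_t cap) {
    if (req_len < HB_HEADER) return 0;
    size_t n = claimed_len(req);
    if (n > req_len - HB_HEADER || n > cap) return 0;
    memcpy(out, req + HB_HEADER, n);
    return n;
}

/* Bytes returned beyond what Alice really sent: the "bleed". */
size_t bleed(size_t (*pong)(const uint8_t *, size_t, uint8_t *, size_t)) {
    uint8_t out[64];
    size_t n = pong(bob_memory, REQ_LEN, out, sizeof out);
    size_t sent = REQ_LEN - HB_HEADER;
    return n > sent ? n - sent : 0;
}

int main(void) {
    printf("trusting Bob leaks %zu bytes\n", bleed(pong_trusting));
    printf("checking Bob leaks %zu bytes\n", bleed(pong_checked));
    return 0;
}
```

The only difference between the two Bobs is the comparison of the claimed length against the number of bytes that actually arrived.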
what leaked?
Everything. » your passwords » your cookies » server's passwords » server's identifying certificates
Everything leaked. From 2/3rds of the servers on the internet.
How long did this leak exist?
Two years.
Everything leaked from 2/3rds of the servers on the internet for two years.
How did this happen?
Rogue agency: the NSA? incompetence?
now what?
change your passwords
change your passwords for everything
yes, everything
Use a password manager: 1Password, https://getvau.lt
Toss your cookies
Turn on 2-factor auth
Recap
Heartbleed is as bad as it gets.
change passwords, delete cookies, 2-factor auth
donate to important open-source projects
Buy your operations staff a drink
change your passwords