Slide 1: Heartbleed: why you should care
Slide 2: C J Silverio, devops at npm, @ceejbot
Slide 3: what's heartbleed?
Slide 4: security vulnerability disclosed April 7; 2/3rds of all secure servers
Slide 5: OpenSSL: the secure 's' in https://
Slide 6: heartbeat: a pulse from a client to a server & back
Slide 7: Alice ⇢ ping ⇢ Bob; Alice ⇠ pong ⇠ Bob
Slide 8: Alice lies: “pong is 64K letters.”
Slide 9: Bob trusts her. He sends Alice too much data.
Slide 10: that data is the bleed in heartbleed
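The Alice/Bob slides above describe a responder that copies back as many bytes as the peer claims to have sent. The following C program is an added example, not part of these slides or of OpenSSL: it parses a TLS heartbeat record (1-byte type, 2-byte big-endian payload length, payload, at least 16 bytes of padding, as in RFC 6520) two ways. The "trusting" function returns the length the sender wrote in the header; the "checked" function returns that length only if header + payload + minimum padding actually fit inside the bytes received, and rejects the record otherwise, which is the shape of the bounds check the OpenSSL fix added. All function and constant names are my own, and the two sample records are constructed inline.

```c
/* Added example (not from the slides or from OpenSSL): the difference between
 * trusting a heartbeat's claimed payload length and checking it against the
 * bytes that actually arrived. Layout follows RFC 6520; names are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HB_REQUEST     1
#define HB_HEADER_LEN  3   /* 1-byte type + 2-byte payload length */
#define HB_MIN_PADDING 16  /* RFC 6520 requires at least 16 bytes of padding */

/* Read the payload length exactly as the sender wrote it (big-endian). */
static size_t claimed_payload_len(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER_LEN) return 0;
    return ((size_t)rec[1] << 8) | rec[2];
}

/* "Bob trusts her": how many payload bytes a trusting responder would echo.
 * Nothing ties this number to the size of the record that was received. */
size_t trusting_response_len(const uint8_t *rec, size_t rec_len) {
    return claimed_payload_len(rec, rec_len);
}

/* Hardened responder: accept the claimed length only if header + payload +
 * minimum padding fit inside the record. Returns the payload length to echo,
 * or -1 when the record is malformed or the claim exceeds what arrived. */
long checked_response_len(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING) return -1; /* too short to be valid */
    if (rec[0] != HB_REQUEST) return -1;                     /* not a heartbeat request */
    size_t plen = claimed_payload_len(rec, rec_len);
    if (HB_HEADER_LEN + plen + HB_MIN_PADDING > rec_len) return -1; /* claim > record */
    return (long)plen;
}

/* Build a heartbeat record into buf and return its length. `claimed` may
 * differ from `actual` to model a peer that lies about the payload size. */
size_t build_heartbeat(uint8_t *buf, size_t buf_cap, uint16_t claimed,
                       const char *payload, size_t actual) {
    size_t total = HB_HEADER_LEN + actual + HB_MIN_PADDING;
    if (total > buf_cap) return 0;
    buf[0] = HB_REQUEST;
    buf[1] = (uint8_t)(claimed >> 8);
    buf[2] = (uint8_t)(claimed & 0xff);
    memcpy(buf + HB_HEADER_LEN, payload, actual);
    memset(buf + HB_HEADER_LEN + actual, 0, HB_MIN_PADDING);
    return total;
}

/* Scenario helpers: a constructed 4-byte "ping" with the given claimed length. */
size_t trusting_for_claim(uint16_t claimed) {
    uint8_t rec[64];
    size_t n = build_heartbeat(rec, sizeof rec, claimed, "ping", 4);
    return trusting_response_len(rec, n);
}

long checked_for_claim(uint16_t claimed) {
    uint8_t rec[64];
    size_t n = build_heartbeat(rec, sizeof rec, claimed, "ping", 4);
    return checked_response_len(rec, n);
}

int main(void) {
    /* honest peer: claims 4 bytes and sends 4 bytes */
    printf("honest: trusting=%zu checked=%ld\n",
           trusting_for_claim(4), checked_for_claim(4));
    /* lying peer: sends 4 bytes but claims the maximum 16-bit length */
    printf("lying : trusting=%zu checked=%ld\n",
           trusting_for_claim(65535), checked_for_claim(65535));
    return 0;
}
```

The honest record evaluates to 4 under both functions. For the lying record the trusting function still answers 65535, the number of bytes a responder would read past the 23-byte record it actually holds, while the checked function rejects it with -1; rejecting, rather than clamping, is the right response because a heartbeat whose length field does not match its record is malformed by definition.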
Slide 11: what leaked?
Slide 12: Everything. » your passwords » your cookies » server's passwords » server's identifying certificates
Slide 13: Everything leaked. From 2/3rds of the servers on the internet.
Slide 14: How long did this leak exist?
Slide 15: Two years.
Slide 16: Everything leaked from 2/3rds of the servers on the internet for two years.
Slide 17: (no content)
Slide 18: How did this happen?
Slide 19: Rogue agency: the NSA? Incompetence?
Slide 20: now what?
Slide 21: change your passwords
Slide 22: change your passwords for everything
Slide 23: yes, everything
Slide 24: Use a password manager: 1Password, https://getvau.lt
Slide 25: Toss your cookies
Slide 26: Turn on 2-factor auth
Slide 27: Recap
Slide 28: Heartbleed is as bad as it gets.
Slide 29: change passwords; delete cookies; 2-factor auth
Slide 30: donate to important open-source projects
Slide 31: Buy your operations staff a drink
Slide 32: change your passwords