Slide 1

Heartbleed why you should care

Slide 2

C J Silverio, devops at npm, @ceejbot

Slide 3

what's heartbleed?

Slide 4

security vulnerability disclosed April 7; 2/3rds of all secure servers

Slide 5

OpenSSL the secure 's' in https://

Slide 6

heartbeat: a pulse from a client to a server & back

Slide 7

Alice ⇢ ping ⇢ Bob
Alice ⇠ pong ⇠ Bob

Slide 8

Alice lies: “pong is 64K letters.”

Slide 9

Bob trusts her. He sends Alice too much data.

Slide 10

that data is the bleed in heartbleed
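As an added illustration (not from the talk, and not OpenSSL's actual code), here is the shape of the bug behind slides 7 to 10 and of its fix: the vulnerable handler copies as many bytes as the peer claims, while the fixed one first checks that claim against the bytes actually received. The record layout and function names are simplified assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Simplified heartbeat record: [type:1][payload_len:2, big-endian][payload...]
 * Constructed for this illustration; the real TLS record carries more fields. */
#define HB_REQUEST 1
#define HB_HDR_LEN 3

/* Vulnerable pattern ("Bob trusts her"): the claimed payload length is used
 * as the copy length without ever looking at how many bytes really arrived.
 * Whatever sits in memory after the short record is echoed back: the bleed. */
size_t hb_respond_vulnerable(const uint8_t *rec, size_t rec_len,
                             uint8_t *out, size_t out_cap) {
    (void)rec_len;                      /* the flaw: actual length never consulted */
    size_t claimed = (size_t)((rec[1] << 8) | rec[2]);
    if (claimed > out_cap) return 0;    /* only to keep this demo memory-safe */
    memcpy(out, rec + HB_HDR_LEN, claimed);
    return claimed;
}

/* Fixed pattern: bound the claim by the bytes received. A request whose
 * claimed length exceeds the record is dropped and nothing is sent back. */
size_t hb_respond_fixed(const uint8_t *rec, size_t rec_len,
                        uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HDR_LEN || rec[0] != HB_REQUEST) return 0;
    size_t claimed = (size_t)((rec[1] << 8) | rec[2]);
    if (claimed > rec_len - HB_HDR_LEN) return 0;   /* peer lied: discard */
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HDR_LEN, claimed);
    return claimed;
}
```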

Slide 11

what leaked?

Slide 12

Everything.
» your passwords
» your cookies
» server's passwords
» server's identifying certificates

Slide 13

Everything leaked. From 2/3rds of the servers on the internet.

Slide 14

How long did this leak exist?

Slide 15

Two years.

Slide 16

Everything leaked from 2/3rds of the servers on the internet for two years.

Slide 18

How did this happen?

Slide 19

Rogue agency: the NSA? incompetence?

Slide 20

now what?

Slide 21

change your passwords

Slide 22

change your passwords for everything

Slide 23

yes, everything

Slide 24

Use a password manager: 1Password, https://getvau.lt

Slide 25

Toss your cookies

Slide 26

Turn on 2-factor auth

Slide 27

Recap

Slide 28

Heartbleed is as bad as it gets.

Slide 29

» change passwords
» delete cookies
» 2-factor auth

Slide 30

donate to important open-source projects

Slide 31

Buy your operations staff a drink

Slide 32

change your passwords