cloudflare - the heartbleed bug - webinar
Post on 08-May-2015
460 Views
Preview:
DESCRIPTION
TRANSCRIPT
The Heartbleed bug: what is it and how to protect your site?
Elenitsa Staykova Marketing, CloudFlare Nick Sullivan Systems Engineer, CloudFlare Ben Murphy Software Developer, Fonix
1
Our Program Today
Elenitsa Staykova – Introduction and Overview Nick Sullivan – What is Heartbleed? How to protect your site? Ben Murphy – Q&A on the CloudFlare Heartbleed challenge
2
CloudFlare At a Glance
Security ü DDoS mitigation ü WAF ü SSL ü Basic security
Performance ü Static content caching ü Dynamic content acceleration ü Front end optimization ü Rocket Loader, Mirage, Polish
More ü DNS ü Availability ü Load balancing ü Client intelligence ü Reporting and insights
3
Our Global Network
4
The Heartbleed bug
² What is the Heartbleed bug? ² Open source software OpenSSL ² Cryptographic portion of library OK ² Information disclosure vulnerability
5
The Heartbleed bug
² Sensitive information at risk ² Usernames ² Passwords ² Private SSL keys
² Private keys are keys to the kingdom ² Sites may be vulnerable to impersonation ² Heartbleed bug – a really big deal
6
The CloudFlare Heartbleed Challenge
² Can you get private SSL keys using Heartbleed?
² Crowd sourced investigation to find out
² CloudFlareChallenge.com/Heartbleed
² The world rose up to the challenge
² Extracting private SSL keys using Heartbleed is
possible
7
Protecting your site – what do we recommend
² http://istheinternetfixedyet.com/ Tracks sites still vulnerable to Heartbleed:
² If site vulnerable, don’t access until updated PWs and certificates
² If site not vulnerable, change PW
² Website End users ² Website Owners ² Website Owners using CloudFlare
8
Q&A with Ben Murphy
² Ben Murphy – one of top 4 winners who successfully solved the Heartbleed challenge
² Solving the challenge ² Used techniques ² State of the Internet
² Questions from the Audience
9
The End April 2014
10
top related