Nick Sullivan: Heartache and Heartbleed: The insider’s perspective on the aftermath of Heartbleed

Title:
Nick Sullivan: Heartache and Heartbleed: The insider’s perspective on the aftermath of Heartbleed
Description:

http://media.ccc.de/browse/congress/2014/31c3_-_6212_-_en_-_saal_1_-_201412282330_-_heartache_and_heartbleed_the_insider_s_perspective_on_the_aftermath_of_heartbleed_-_nick_sullivan.html

Two weeks after the Heartbleed bug was announced, CloudFlare patched the Heartbleed bug, created a challenge to prove the bug could be used to find private keys (uncovering a second bug in OpenSSL) and turned its entire network into a giant honeypot. This session will discuss the specific steps taken to prevent early disclosure, creating and scaling the first public vulnerability test, how the CloudFlare Heartbleed challenge showed that you can reveal private SSL keys (how a second bug in OpenSSL made this possible) the incredible impact of revoking over 100,000 certificates in a single day, and the results of our honeypot revealing the proportion of attack traffic versus research traffic.

Nick Sullivan

more » « less
Video Language:
English
Duration:
29:06
Format: Youtube Primary Original
Format: Youtube
This video is part of Amara Public.

Subtitles download

Incomplete subtitles (1)