CloudFlare - The Heartbleed Bug - Webinar
- 1. The Heartbleed bug: what is it and how to protect your site?
Elenitsa Staykova
Marketing, CloudFlare
Nick Sullivan
Systems Engineer, CloudFlare
Ben Murphy
Software Developer, Fonix
- 2. Our Program Today
Elenitsa Staykova – Introduction and Overview
Nick Sullivan – What is Heartbleed? How to protect your site?
Ben Murphy – Q&A on the CloudFlare Heartbleed challenge
- 3. CloudFlare At a Glance
Security
✓ DDoS mitigation
✓ WAF
✓ SSL
✓ Basic security
Performance
✓ Static content caching
✓ Dynamic content acceleration
✓ Front end optimization
✓ Rocket Loader, Mirage, Polish
More
✓ DNS
✓ Availability
✓ Load balancing
✓ Client intelligence
✓ Reporting and insights
- 5. The Heartbleed bug
• What is the Heartbleed bug?
• Open source software OpenSSL
• Cryptographic portion of library OK
• Information disclosure vulnerability
- 6. The Heartbleed bug
• Sensitive information at risk
• Usernames
• Passwords
• Private SSL keys
• Private keys are keys to the kingdom
• Sites may be vulnerable to impersonation
• Heartbleed bug – a really big deal
- 7. The CloudFlare Heartbleed Challenge
• Can you get private SSL keys using Heartbleed?
• Crowd sourced investigation to find out
• CloudFlareChallenge.com/Heartbleed
• The world rose up to the challenge
• Extracting private SSL keys using Heartbleed is possible
- 8. Protecting your site – what do we recommend
• http://istheinternetfixedyet.com/
Tracks sites still vulnerable to Heartbleed:
• If site vulnerable, don’t access until updated PWs and certificates
• If site not vulnerable, change PW
• Website End users
• Website Owners
• Website Owners using CloudFlare
- 9. Q&A with Ben Murphy
• Ben Murphy – one of top 4 winners who successfully solved the Heartbleed challenge
• Solving the challenge
• Used techniques
• State of the Internet
• Questions from the Audience