The Heartbleed bug: what is it and how to protect your site?
Elenitsa Staykova
Marketing, CloudFlare
Nick Sullivan
Systems Engineer, CloudFlare
Ben Murphy
Software Developer, Fonix
Our Program Today
Elenitsa Staykova – Introduction and Overview
Nick Sullivan – What is Heartbleed? How to protect your site?
Ben Murphy – Q&A on the CloudFlare Heartbleed challenge
CloudFlare At a Glance
Security
ü  DDoS mitigation
ü  WAF
ü  SSL
ü  Basic security
Performance
ü  Static content caching
ü  Dynamic content acceleration
ü  Front end optimization
ü  Rocket Loader, Mirage, Polish
More
ü  DNS
ü  Availability
ü  Load balancing
ü  Client intelligence
ü  Reporting and insights
Our Global Network
The Heartbleed bug
• What is the Heartbleed bug?
• Open source software OpenSSL
• Cryptographic portion of library OK
• Information disclosure vulnerability
The Heartbleed bug
• Sensitive information at risk
• Usernames
• Passwords
• Private SSL keys
• Private keys are keys to the kingdom
• Sites may be vulnerable to impersonation
• Heartbleed bug – a really big deal
The CloudFlare Heartbleed Challenge
• Can you get private SSL keys using Heartbleed?
• Crowd sourced investigation to find out
• CloudFlareChallenge.com/Heartbleed
• The world rose up to the challenge
• Extracting private SSL keys using Heartbleed is possible
Protecting your site – what do we recommend
• Tracks sites still vulnerable to Heartbleed: http://istheinternetfixedyet.com/
• If site vulnerable, don’t access until updated PWs and certificates
• If site not vulnerable, change PW
• Website End users
• Website Owners
• Website Owners using CloudFlare
Q&A with Ben Murphy
• Ben Murphy – one of top 4 winners who successfully solved the Heartbleed challenge
• Solving the challenge
• Used techniques
• State of the Internet
• Questions from the Audience
The End
April 2014

CloudFlare - The Heartbleed Bug - Webinar