Wednesday, April 30, 2014

Heartbleed Bug - taking a stab at it

Today I presented at the Denver Technical Professionals networking meeting. First off thanks to all of the folks that showed up, there were a lot of good questions from the audience and I think we all walked away richer for the experience. The topic of the presentation was the heartbleed bug.

Please feel free to download the slides here

One challenge that I had when putting together material to present was one that I face when writing on this blog and that is determining how technical to get with the information that I am conveying. I try to stay in the middle; high level enough to not intimidate folks or bore you but detailed enough to convey the technical elements of the topic at hand. Instead of presuming everyone knows what a 0day is versus explaining it and citing examples, the same goes for TLS and memory heap allocation etc.


I enjoyed the time today and had lots of fun researching the topic. As promised here some of the resoucres that I mentioned I would post:

http://news.yahoo.com/passwords-change-now-because-heartbleed-140022858.html

Additional Impacted Sites

SSL/TLS Website Tool

Main Source of Information

The last slide in the deck (references) points to many more websites with more detailed information about the bug.

Thanks again everyone, and feel free to contact with any questions on this or other information security topics.