When the internet bleeded

A presentation at RootConf 2014 in in Bengaluru, Karnataka, India by Anant Shrivastava

The talk will talk about various TLS / SSL related bugs that are identified in past year.

HeartBleed GNUTLS Bug Apple SSL Bug Lucky 13 BEAST CRIME These bugs have shaken the core premise of Secure communication. The talk will focus on bringing a basic understanding of these issues to the administrators or developers. Besides this the talk will also focus on some burning questions that are now raised in wild. Such as

  • How secure are secure Socket Libraries?
  • Is opensource code really secure?
  • Is it really true that “given enough eyeballs, all bugs are shallow”?
  • Should we move towards higher abstract languages?

And most important: What it really means for a Administrator / DevOps person

Video

Resources

The following resources were mentioned during the presentation or are useful additional information.

Buzz and feedback

Here’s what was said about this presentation on Twitter.