BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.nsec.io//2024//89YL73
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-2024-9PRFYS@cfp.nsec.io
DTSTART;TZID=EST:20240517T091500
DTEND;TZID=EST:20240517T094500
DESCRIPTION:This year marks the ten-year anniversary of Heartbleed’s disc
 overy and public disclosure. Heartbleed was a severe flaw in the OpenSSL c
 ryptographic library. It was publicly disclosed on April 7\, 2014\, initia
 ting a long and arduous process of remediation for more than two thirds of
  all web servers on the internet. Anybody could potentially eavesdrop on c
 ommunications\, steal data or impersonate users for any vulnerable service
  or device\, without leaving a trace. Described by some experts as “one 
 of the most consequential vulnerability since the advent of the commercial
  internet”\, Heartbleed abruptly unveiled the insecure and unsustainable
  foundations on which the internet infrastructure was built. How could so 
 many major organizations (Google\, Amazon\, Facebook\, financial and gover
 nment institutions) depend on OpenSSL\, a struggling free software project
  with one overworked full-time developer and $2\,000 in yearly donations? 
 How could they integrate its code without any proper security audit or rec
 iprocal financial support? This presentation traces the historical roots o
 f the OpenSSL project and its growing adoption\, from the mid 1990s up to 
 2014. Based on original interviews with OpenSSL developers and security ex
 perts as well as extensive archival research\, it portrays a nascent crypt
 ographic library written “as a learning exercise” during the turmoil o
 f the Crypto Wars of the 1990s. Finally\, this presentation explores some 
 of the long-lasting effects Heartbleed has had on the tech industry and fr
 ee software community – effects that still resonate to this day\, ten ye
 ars later.
DTSTAMP:20260311T213540Z
LOCATION:Salle de Bal
SUMMARY:Heartbleed\, ten years later - Louis Melançon
URL:https://cfp.nsec.io/2024/talk/9PRFYS/
END:VEVENT
END:VCALENDAR
