Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed at Acquia
Search
Marc Seeger
May 20, 2014
Technology
15k
0
Share
Heartbleed at Acquia
A quick presentation on how we handled Heartbleed at Acquia. Held at a DevOps Boston meetup.
Marc Seeger
May 20, 2014
More Decks by Marc Seeger
See All by Marc Seeger
Security in DECT
rb2k
2
190
The DIRAC video codec
rb2k
1
95
Communitygetriebene Android Systemerweiterungen
rb2k
1
61
Alternative infrastructure
rb2k
1
190
NoSQL Lunch and Learn
rb2k
9
8.6k
Lunch and Learn: Cucumber and Capybara
rb2k
7
22k
Other Decks in Technology
See All in Technology
APIテストとは?
nagix
0
160
PHP と TypeScript の型システム比較:AI 時代の「型」は誰のためにあるのか? #frontend_phpcon_do / frontend_phpcon_do_2026
shogogg
1
190
はじめてのDatadog
kairim0
0
240
Kiro CLI v2.0.0がやってきた!
kentapapa
0
240
コードレビューを制するチームがソフトウェアデリバリーのフローを制す / Beyond Code Review: Distributing Its Responsibilities Across the SDLC
mtx2s
3
500
エンジニアは生成AIと どのように向き合うべきか? ことばの意味という観点から
verypluming
3
300
オンコールの負荷軽減のためのBits Assistant 活用方法 / How to Use Bits Assistant to Reduce the Workload on On-Call Staff
sms_tech
1
350
Javaで学ぶSOLID原則
negima
1
240
もりもり新機能を一挙紹介! AgentCoreに入門して、AWS上にAIエージェントを構築しよう
minorun365
PRO
6
350
美味しいスイスチーズを作ろう🧀🐭
taigamikami
1
190
類似画像検索モデルの開発ノウハウ
lycorptech_jp
PRO
4
1.1k
サプライチェーンセキュリティの空白地帯 - 信頼できる”依存性”の未来を考える
rung
PRO
2
530
Featured
See All Featured
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
240
Impact Scores and Hybrid Strategies: The future of link building
tamaranovitovic
0
300
How to train your dragon (web standard)
notwaldorf
97
6.6k
Navigating Weather and Climate Data
rabernat
0
200
Joys of Absence: A Defence of Solitary Play
codingconduct
1
380
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.9k
Abbi's Birthday
coloredviolet
2
7.8k
Making Projects Easy
brettharned
120
6.7k
JAMstack: Web Apps at Ludicrous Speed - All Things Open 2022
reverentgeek
1
460
Side Projects
sachag
455
43k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
231
23k
Embracing the Ebb and Flow
colly
88
5.1k
Transcript
Marc Seeger (@rb2k) Boston Devops Meetup May 20th 2014 at
Act 1: Technology
How it all started 7:24 PM
How it all started 7:30 PM
How it all started 7:26 PM
How it all started 7:33 PM
How it all started
Quick risk assessment Lucid: [00:35:27]
[email protected]
:~# openssl version OpenSSL 0.9.8k
25 Mar 2009 ! Precise: [00:34:37]
[email protected]
:~# openssl version OpenSSL 1.0.1 14 Mar 2012
Where’s Waldo OpenSSL 8000 EC2 Machines: - 99.9% of them
puppetized - Candidates: - Balancers - SVN Servers - Appliances - ELBs - 3rd party AMIs - Unique little snowflakes (Jira, Crucible,…)
Let the patching begin
Rollout Australia: ! Con: - Spiders - Snakes ! Pro:
- Ops is awake
Rollout
Scan www
Waiting on ELBs…
Internal Certificates
Suddenly: “reverse” Heartbleed
Act 2: Communication
Internal • Pre-determined chat rooms • Dial-in conference bridges •
A communication plan Thanks SSAE-16, PCI and FedRAMP… I guess :)
Statuspage + Twitter * Powered by StatusPage.io *
Documentation https://docs.acquia.com/articles/heartbleed-acquia-cloud
Proactive communication Phone calls by Acquia support, TAMs, …
Since then: Post mortem
Since then: Incident Commander (shamelessly stolen from Heroku) http://en.wikipedia.org/wiki/Incident_command_system
Since then: Dedicated resource to vet security threats
Since then: Clean up intranet docs
Since then: Additional tooling
We’re hiring (shameless self promotion) bit.ly/acquiajobs
rb2k
nagix
shogogg
kairim0
kentapapa
mtx2s
verypluming
sms_tech
negima
minorun365
taigamikami
lycorptech_jp
rung
nikkihalliwell
tamaranovitovic
notwaldorf
rabernat
codingconduct
honnibal
coloredviolet
brettharned
reverentgeek
sachag
danielanewman
colly
![Quick risk assessment Lucid: [00:35:27] [email protected]:~# openssl version OpenSSL 0.9.8k](https://files.speakerdeck.com/presentations/9c065900c310013186c31652ff098141/slide_7.jpg){kind=link}
