Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Heartbleed at Acquia

Avatar for Marc Seeger Marc Seeger
May 20, 2014
Technology
15k
0

Heartbleed at Acquia

A quick presentation on how we handled Heartbleed at Acquia. Held at a DevOps Boston meetup.

Avatar for Marc Seeger

Marc Seeger

May 20, 2014

More Decks by Marc Seeger

See All by Marc Seeger
Security in DECT
Avatar for Marc Seeger rb2k
2
190
The DIRAC video codec
Avatar for Marc Seeger rb2k
1
94
Communitygetriebene Android Systemerweiterungen
Avatar for Marc Seeger rb2k
1
59
Alternative infrastructure
Avatar for Marc Seeger rb2k
1
190
NoSQL Lunch and Learn
Avatar for Marc Seeger rb2k
9
8.6k
Lunch and Learn: Cucumber and Capybara
Avatar for Marc Seeger rb2k
7
22k

Other Decks in Technology

See All in Technology
[OAWTT26][THR1028] Oracle AI Database 26ai へのアップグレード:ベストプラクティスと最新情報
Avatar for oracle4engineer oracle4engineer
PRO
1
110
プラットフォームエンジニアリングの実践 - AWS コンテナサービスで構築する社内プラットフォーム / AWS Containers Platform Meetup #1
Avatar for Masatoshi Hayashi literalice
1
160
ぼくがかんがえたさいきょうのあうとぷっと
Avatar for Yuuki Yamashita yama3133
0
190
No Types Needed, Just Callable Method Check
Avatar for dak2 dak2
1
1.2k
Rapid Start: Faster Internet Connections, with Ruby's Help
Avatar for kazuho kazuho
2
540
データを"持てない"環境でのアノテーション基盤設計
Avatar for SansanTech sansantech
PRO
1
120
扱える不確実性を増やしていく - スタートアップEMが考える「任せ方」
Avatar for kadoppe kadoppe
0
300
Do Vibe Coding ao LLM em Produção para Busca Agêntica - TDC 2026 - Summit IA - São Paulo
Avatar for Jessica Pauli de C Bonson jpbonson
3
120
2026年、知っておくべき最新 サーバレスTips10選/serverless-10-tips
Avatar for Serverless Operations slsops
13
5.2k
最近の技術系の話題で気になったもの色々(IoT系以外も) / IoTLT 花見予定会(たぶんBBQ) @都立潮風公園バーベキュー広場
Avatar for you(@youtoy) you
PRO
1
240
最初の一歩を踏み出せなかった私が、誰かの背中を押したいと思うようになるまで / give someone a push
Avatar for miisan mii3king
0
160
20年前の「OSS革命」に学ぶ AI時代の生存戦略
Avatar for Sam Akada samakada
0
430

Featured

See All Featured
Unlocking the hidden potential of vector embeddings in international SEO
Avatar for Frank van Dijk frankvandijk
0
770
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
Avatar for David Carrasco davidcarrasco
3
110
What’s in a name? Adding method to the madness
Avatar for The Alliance productmarketing
PRO
24
4k
How to Talk to Developers About Accessibility
Avatar for Jason CranfordTeague jct
2
180
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
57
14k
How to Grow Your eCommerce with AI & Automation
Avatar for Katarina Dahlin katarinadahlin
PRO
1
170
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
Avatar for UX Y'all uxyall
0
1.1k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
Avatar for Kenny Baas-Schwegler baasie
0
510
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
55
12k
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
225
10k
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.8k
New Earth Scene 8
Avatar for Sydney Stone popppiees
3
2.1k

Transcript

  1. Marc Seeger (@rb2k)
 Boston Devops Meetup
 May 20th 2014 at

  2. Act 1: Technology

  3. How it all started 7:24 PM

  4. How it all started 7:30 PM

  5. How it all started 7:26 PM

  6. How it all started 7:33 PM

  7. How it all started

  8. Quick risk assessment Lucid: [00:35:27] [email protected]:~# openssl version OpenSSL 0.9.8k

    25 Mar 2009 ! Precise: [00:34:37] [email protected]:~# openssl version OpenSSL 1.0.1 14 Mar 2012

  9. Where’s Waldo OpenSSL 8000 EC2 Machines: - 99.9% of them

    puppetized - Candidates: - Balancers - SVN Servers - Appliances - ELBs - 3rd party AMIs - Unique little snowflakes
 (Jira, Crucible,…)

  10. Let the patching begin

  11. Rollout Australia: ! Con: - Spiders - Snakes ! Pro:

    - Ops is awake

  12. Rollout

  13. Scan www

  14. Waiting on ELBs…

  15. Internal Certificates

  16. Suddenly: “reverse” Heartbleed

  17. Act 2: Communication

  18. Internal • Pre-determined chat rooms • Dial-in conference bridges •

    A communication plan Thanks SSAE-16, PCI and FedRAMP… I guess :)

  19. Statuspage + Twitter * Powered by StatusPage.io *

  20. Documentation https://docs.acquia.com/articles/heartbleed-acquia-cloud

  21. Proactive communication Phone calls by Acquia support, TAMs, …

  22. Since then: Post mortem

  23. Since then: Incident Commander (shamelessly stolen from Heroku) http://en.wikipedia.org/wiki/Incident_command_system

  24. Since then: Dedicated resource to vet security threats

  25. Since then: Clean up intranet docs

  26. Since then: Additional tooling

  27. We’re hiring (shameless self promotion) bit.ly/acquiajobs