Heartbleed at Acquia
Marc Seeger
May 20, 2014
A quick presentation on how we handled Heartbleed at Acquia. Held at a DevOps Boston meetup.
Transcript
Marc Seeger (@rb2k) Boston Devops Meetup May 20th 2014 at
Act 1: Technology
How it all started 7:24 PM
How it all started 7:30 PM
How it all started 7:26 PM
How it all started 7:33 PM
How it all started
Quick risk assessment

Lucid (Ubuntu 10.04):
  [00:35:27] <user>@<host>:~# openssl version
  OpenSSL 0.9.8k 25 Mar 2009

Precise (Ubuntu 12.04):
  [00:34:37] <user>@<host>:~# openssl version
  OpenSSL 1.0.1 14 Mar 2012

0.9.8 predates the TLS heartbeat extension and is not affected; 1.0.1 through 1.0.1f are (CVE-2014-0160, fixed upstream in 1.0.1g). Ubuntu backports the fix without changing this banner, so on Precise the proof of patching is the libssl1.0.0 package revision (1.0.1-4ubuntu5.12 or later, USN-2165-1), not the output of `openssl version`.
Where's Waldo: OpenSSL
8000 EC2 machines:
- 99.9% of them puppetized
- Candidates:
  - Balancers
  - SVN servers
  - Appliances
  - ELBs
  - 3rd-party AMIs
  - Unique little snowflakes (Jira, Crucible, …)
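The triage behind this slide, as an added example (not Acquia's tooling and not code from the deck): given one constructed inventory line per host with the Ubuntu codename, the `openssl version` banner and the installed libssl package, bucket hosts by whether the upstream version is in the affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta1) and, for packaged builds whose banner never changes, by package revision. The hostnames, the inventory format and the single USN-2165-1 entry for Precise are assumptions of the example; the Ubuntu revision comparison is a deliberate simplification of `dpkg --compare-versions`.

```python
"""Triage an OpenSSL host inventory for CVE-2014-0160 (Heartbleed).

Added example, not Acquia's tooling. Input is a constructed inventory, one line
per host: "<host> <codename> <`openssl version` banner> <libssl package>=<version>".
Upstream affected range: 1.0.1 through 1.0.1f and 1.0.2-beta1 (fixed in 1.0.1g
and 1.0.2-beta2); 0.9.8 and 1.0.0 never had the heartbeat extension. Distro
builds backport the fix without changing the banner, so for those hosts the
package revision, not the banner, decides.
"""
import re

VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")

# First package revision carrying the backported fix (Ubuntu USN-2165-1).
# Only the Precise entry matching the deck's own output is listed; extend per distro.
FIXED_PACKAGE = {"precise": ("libssl1.0.0", "1.0.1-4ubuntu5.12")}


def classify_banner(banner):
    """'unaffected' | 'vulnerable' | 'fixed' | 'unknown', from the upstream version alone."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unknown"
    major, minor, patch, letter, beta = m.groups()
    ver = (int(major), int(minor), int(patch))
    if ver < (1, 0, 1):
        return "unaffected"                                 # no heartbeat extension before 1.0.1
    if ver == (1, 0, 1):
        return "vulnerable" if letter < "g" else "fixed"    # 1.0.1 .. 1.0.1f; 1.0.1g fixed
    if ver == (1, 0, 2):
        return "vulnerable" if beta == "1" else "fixed"     # 1.0.2-beta1 only
    return "fixed"


def revision_key(pkg_version):
    """(4, 5, 12) for '1.0.1-4ubuntu5.12'. Numeric-only: a simplification of
    dpkg --compare-versions that is adequate within one upstream version."""
    parts = pkg_version.split("-", 1)
    return tuple(int(n) for n in re.findall(r"\d+", parts[1])) if len(parts) == 2 else ()


def triage_host(line):
    host, codename, rest = line.split(None, 2)
    banner, pkg = rest.rsplit(None, 1)          # package spec is the last token
    status = classify_banner(banner)
    if status == "vulnerable" and codename in FIXED_PACKAGE:
        pkg_name, fixed = FIXED_PACKAGE[codename]
        name, _, version = pkg.partition("=")
        same_upstream = version.split("-", 1)[0] == fixed.split("-", 1)[0]
        if name == pkg_name and same_upstream and revision_key(version) >= revision_key(fixed):
            status = "fixed (backported)"
    return host, status


def triage(inventory):
    """{status: [hosts]} in inventory order, so the patch queue can be sorted by exposure."""
    buckets = {}
    for line in inventory.strip().splitlines():
        host, status = triage_host(line)
        buckets.setdefault(status, []).append(host)
    return buckets


# Constructed sample inventory; hostnames and package versions are illustrative only.
SAMPLE_INVENTORY = """
web-1 precise OpenSSL 1.0.1 14 Mar 2012 libssl1.0.0=1.0.1-4ubuntu5.11
web-2 precise OpenSSL 1.0.1 14 Mar 2012 libssl1.0.0=1.0.1-4ubuntu5.12
bal-1 lucid OpenSSL 0.9.8k 25 Mar 2009 libssl0.9.8=0.9.8k-7ubuntu8
jira-1 appliance OpenSSL 1.0.1e 11 Feb 2013 bundled=unknown
build-1 other OpenSSL 1.0.1g 7 Apr 2014 libssl=1.0.1g
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:20} {', '.join(hosts)}")
```

The banner alone is enough for self-built or appliance OpenSSL (the "snowflakes"), which is why those hosts fall into the plain `vulnerable` bucket until someone looks at them; the packaged hosts are the ones where a banner-only scan produces false positives after patching.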
Let the patching begin
Rollout: Australia
Con:
- Spiders
- Snakes
Pro:
- Ops is awake
Rollout
Scan www
Waiting on ELBs…
Internal Certificates
Suddenly: “reverse” Heartbleed
Act 2: Communication
Internal
- Pre-determined chat rooms
- Dial-in conference bridges
- A communication plan
Thanks SSAE-16, PCI and FedRAMP… I guess :)
Statuspage + Twitter (powered by StatusPage.io)
Documentation https://docs.acquia.com/articles/heartbleed-acquia-cloud
Proactive communication Phone calls by Acquia support, TAMs, …
Since then: Post mortem
Since then: Incident Commander (shamelessly stolen from Heroku) http://en.wikipedia.org/wiki/Incident_command_system
Since then: Dedicated resource to vet security threats
Since then: Clean up intranet docs
Since then: Additional tooling
We're hiring (shameless self-promotion): bit.ly/acquiajobs