Heartbleed at Acquia
Marc Seeger
May 20, 2014
A quick presentation on how we handled Heartbleed at Acquia. Held at a DevOps Boston meetup.
Transcript
Marc Seeger (@rb2k) Boston Devops Meetup May 20th 2014 at
Act 1: Technology
How it all started 7:24 PM
How it all started 7:30 PM
How it all started 7:26 PM
How it all started 7:33 PM
How it all started
Quick risk assessment
Lucid:
[00:35:27] [email protected]:~# openssl version
OpenSSL 0.9.8k 25 Mar 2009
Precise:
[00:34:37] [email protected]:~# openssl version
OpenSSL 1.0.1 14 Mar 2012
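The version check from the risk-assessment slide, applied to a whole inventory, as an added example that is not part of the original deck. The host names, the `host|banner` inventory format and the last two banners are constructed; the affected range (OpenSSL 1.0.1 through 1.0.1f, plus 1.0.2-beta1) comes from the public OpenSSL advisory for Heartbleed, not from the slides.

```shell
#!/bin/sh
# Added example: triage `openssl version` banners for the Heartbleed range.

# classify_openssl "<output of openssl version>"
# Prints one of: affected-range | not-affected | unknown
classify_openssl() {
    # Field 2 of "OpenSSL 1.0.1 14 Mar 2012" is the upstream version.
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    case "$ver" in
        "")                        echo unknown ;;
        # 1.0.1 through 1.0.1f, with or without a vendor suffix like -fips
        1.0.1|1.0.1-*)             echo affected-range ;;
        1.0.1[a-f]|1.0.1[a-f]-*)   echo affected-range ;;
        1.0.2-beta1)               echo affected-range ;;
        # 0.9.8x, 1.0.0x and 1.0.1g or later never shipped the bug
        *)                         echo not-affected ;;
    esac
}

# triage: reads "host|banner" lines on stdin, prints hosts to check first.
# "affected-range" is a candidate, not a verdict: distro packages backport
# the fix without changing the upstream version string, so confirm against
# the installed package version before and after patching.
triage() {
    while IFS='|' read -r host banner; do
        if [ "$(classify_openssl "$banner")" = affected-range ]; then
            echo "$host"
        fi
    done
    return 0
}

# Constructed inventory: the first two banners are the ones on the slide.
sample_inventory() {
cat <<'EOF'
lucid-web-1|OpenSSL 0.9.8k 25 Mar 2009
precise-bal-1|OpenSSL 1.0.1 14 Mar 2012
rpm-box-1|OpenSSL 1.0.1e-fips 11 Feb 2013
patched-1|OpenSSL 1.0.1g 7 Apr 2014
EOF
}

sample_inventory | triage
```
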
Where’s Waldo OpenSSL
8000 EC2 Machines:
- 99.9% of them puppetized
- Candidates:
  - Balancers
  - SVN Servers
  - Appliances
  - ELBs
  - 3rd party AMIs
  - Unique little snowflakes (Jira, Crucible,…)
Let the patching begin
Rollout
Australia:
Con:
- Spiders
- Snakes
Pro:
- Ops is awake
Rollout
Scan www
Waiting on ELBs…
Internal Certificates
Suddenly: “reverse” Heartbleed
Act 2: Communication
Internal
• Pre-determined chat rooms
• Dial-in conference bridges
A communication plan Thanks SSAE-16, PCI and FedRAMP… I guess :)
Statuspage + Twitter * Powered by StatusPage.io *
Documentation https://docs.acquia.com/articles/heartbleed-acquia-cloud
Proactive communication Phone calls by Acquia support, TAMs, …
Since then: Post mortem
Since then: Incident Commander (shamelessly stolen from Heroku) http://en.wikipedia.org/wiki/Incident_command_system
Since then: Dedicated resource to vet security threats
Since then: Clean up intranet docs
Since then: Additional tooling
We’re hiring (shameless self promotion) bit.ly/acquiajobs