Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed at Acquia
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Marc Seeger
May 20, 2014
Technology
0
15k
Heartbleed at Acquia
A quick presentation on how we handled Heartbleed at Acquia. Held at a DevOps Boston meetup.
Marc Seeger
May 20, 2014
Tweet
Share
More Decks by Marc Seeger
See All by Marc Seeger
Security in DECT
rb2k
2
180
The DIRAC video codec
rb2k
1
89
Communitygetriebene Android Systemerweiterungen
rb2k
1
57
Alternative infrastructure
rb2k
1
180
NoSQL Lunch and Learn
rb2k
9
8.6k
Lunch and Learn: Cucumber and Capybara
rb2k
7
22k
Other Decks in Technology
See All in Technology
2026-02-25 Tokyo dbt meetup プロダクトと融合したCI/CD で実現する、堅牢なデータパイプラインの作り方
y_ken
0
170
LY Tableauでの Tableau x AIの実践 (at Tableau Now! - 2026-02-26)
yoshitakaarakawa
0
1.2k
DX Improvement at Scale
ntk1000
2
160
OCI技術資料 : 外部接続 VPN接続 詳細
ocise
1
10k
技術キャッチアップ効率化を実現する記事推薦システムの構築
yudai00
2
170
ヘルシーSRE
tk3fftk
2
230
AWS CDK の目玉新機能「Mixins」とは / cdk-mixins
gotok365
2
320
AI ネイティブ組織への変革:ビジネスとITの統合が拓く未来/ AIで“はたらく”をアップデートする人材業界パーソルキャリアのリアル
techtekt
PRO
0
120
入門DBSC
ynojima
0
120
OSSで構築するIT基盤管理実践事例: NetBox・Snipe-IT・FreeRADIUS+PrivacyIDEA / Practical Case Studies of IT Infrastructure Management Using OSS
nttcom
0
180
AIエージェントで変わる開発プロセス ― レビューボトルネックからの脱却
lycorptech_jp
PRO
2
850
作るべきものと向き合う - ecspresso 8年間の開発史から学ぶ技術選定 / 技術選定con findy 2026
fujiwara3
6
1.7k
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.1k
Documentation Writing (for coders)
carmenintech
77
5.3k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.2k
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
170
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
63
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.6k
We Are The Robots
honzajavorek
0
190
Design in an AI World
tapps
0
160
Lightning Talk: Beautiful Slides for Beginners
inesmontani
PRO
1
460
Writing Fast Ruby
sferik
630
62k
The Power of CSS Pseudo Elements
geoffreycrofte
82
6.2k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.3k
Transcript
Marc Seeger (@rb2k) Boston Devops Meetup May 20th 2014 at
Act 1: Technology
How it all started 7:24 PM
How it all started 7:30 PM
How it all started 7:26 PM
How it all started 7:33 PM
How it all started
Quick risk assessment Lucid: [00:35:27]
[email protected]
:~# openssl version OpenSSL 0.9.8k
25 Mar 2009 ! Precise: [00:34:37]
[email protected]
:~# openssl version OpenSSL 1.0.1 14 Mar 2012
Where’s Waldo OpenSSL 8000 EC2 Machines: - 99.9% of them
puppetized - Candidates: - Balancers - SVN Servers - Appliances - ELBs - 3rd party AMIs - Unique little snowflakes (Jira, Crucible,…)
Let the patching begin
Rollout Australia: ! Con: - Spiders - Snakes ! Pro:
- Ops is awake
Rollout
Scan www
Waiting on ELBs…
Internal Certificates
Suddenly: “reverse” Heartbleed
Act 2: Communication
Internal • Pre-determined chat rooms • Dial-in conference bridges •
A communication plan Thanks SSAE-16, PCI and FedRAMP… I guess :)
Statuspage + Twitter * Powered by StatusPage.io *
Documentation https://docs.acquia.com/articles/heartbleed-acquia-cloud
Proactive communication Phone calls by Acquia support, TAMs, …
Since then: Post mortem
Since then: Incident Commander (shamelessly stolen from Heroku) http://en.wikipedia.org/wiki/Incident_command_system
Since then: Dedicated resource to vet security threats
Since then: Clean up intranet docs
Since then: Additional tooling
We’re hiring (shameless self promotion) bit.ly/acquiajobs
rb2k
y_ken
yoshitakaarakawa
ntk1000
ocise
yudai00
tk3fftk
gotok365
techtekt
ynojima
nttcom
lycorptech_jp
fujiwara3
maggiecrowley
carmenintech
irinanazarova
nikkihalliwell
akademiya2063
zakiyama
honzajavorek
tapps
inesmontani
sferik
geoffreycrofte
tammyeverts
![Quick risk assessment Lucid: [00:35:27] [email protected]:~# openssl version OpenSSL 0.9.8k](https://files.speakerdeck.com/presentations/9c065900c310013186c31652ff098141/slide_7.jpg){kind=link}
