Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed at Acquia
Search
Marc Seeger
May 20, 2014
Technology
0
14k
Heartbleed at Acquia
A quick presentation on how we handled Heartbleed at Acquia. Held at a DevOps Boston meetup.
Marc Seeger
May 20, 2014
Tweet
Share
More Decks by Marc Seeger
See All by Marc Seeger
Security in DECT
rb2k
2
160
The DIRAC video codec
rb2k
1
72
Communitygetriebene Android Systemerweiterungen
rb2k
1
51
Alternative infrastructure
rb2k
1
170
NoSQL Lunch and Learn
rb2k
9
8.4k
Lunch and Learn: Cucumber and Capybara
rb2k
7
20k
Other Decks in Technology
See All in Technology
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
940
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
強いチームと開発生産性
onk
PRO
34
11k
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
310
AWS Lambda のトラブルシュートをしていて思うこと
kazzpapa3
2
170
社内で最大の技術的負債のリファクタリングに取り組んだお話し
kidooonn
1
550
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
生成AIが変えるデータ分析の全体像
ishikawa_satoru
0
100
DMARC 対応の話 - MIXI CTO オフィスアワー #04
bbqallstars
1
160
Lexical Analysis
shigashiyama
1
150
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
AWS Lambdaと歩んだ“サーバーレス”と今後 #lambda_10years
yoshidashingo
1
170
Featured
See All Featured
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
880
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2.1k
Adopting Sorbet at Scale
ufuk
73
9.1k
The Cost Of JavaScript in 2023
addyosmani
45
6.7k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
Designing Experiences People Love
moore
138
23k
Designing for humans not robots
tammielis
250
25k
Writing Fast Ruby
sferik
627
61k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
BBQ
matthewcrist
85
9.3k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
Thoughts on Productivity
jonyablonski
67
4.3k
Transcript
Marc Seeger (@rb2k) Boston Devops Meetup May 20th 2014 at
Act 1: Technology
How it all started 7:24 PM
How it all started 7:30 PM
How it all started 7:26 PM
How it all started 7:33 PM
How it all started
Quick risk assessment Lucid: [00:35:27]
[email protected]
:~# openssl version OpenSSL 0.9.8k
25 Mar 2009 ! Precise: [00:34:37]
[email protected]
:~# openssl version OpenSSL 1.0.1 14 Mar 2012
Where’s Waldo OpenSSL 8000 EC2 Machines: - 99.9% of them
puppetized - Candidates: - Balancers - SVN Servers - Appliances - ELBs - 3rd party AMIs - Unique little snowflakes (Jira, Crucible,…)
Let the patching begin
Rollout Australia: ! Con: - Spiders - Snakes ! Pro:
- Ops is awake
Rollout
Scan www
Waiting on ELBs…
Internal Certificates
Suddenly: “reverse” Heartbleed
Act 2: Communication
Internal • Pre-determined chat rooms • Dial-in conference bridges •
A communication plan Thanks SSAE-16, PCI and FedRAMP… I guess :)
Statuspage + Twitter * Powered by StatusPage.io *
Documentation https://docs.acquia.com/articles/heartbleed-acquia-cloud
Proactive communication Phone calls by Acquia support, TAMs, …
Since then: Post mortem
Since then: Incident Commander (shamelessly stolen from Heroku) http://en.wikipedia.org/wiki/Incident_command_system
Since then: Dedicated resource to vet security threats
Since then: Clean up intranet docs
Since then: Additional tooling
We’re hiring (shameless self promotion) bit.ly/acquiajobs
rb2k
hogelog
tubone24
onk
chanyou0311
kazzpapa3
kidooonn
oracle4engineer
ishikawa_satoru
bbqallstars
shigashiyama
chou500
yoshidashingo
reverentgeek
marktimemedia
ufuk
addyosmani
irinanazarova
moore
tammielis
sferik
matthewcrist
jponch
jonyablonski
![Quick risk assessment Lucid: [00:35:27] [email protected]:~# openssl version OpenSSL 0.9.8k](https://files.speakerdeck.com/presentations/9c065900c310013186c31652ff098141/slide_7.jpg){kind=link}
