Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed at Acquia
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Marc Seeger
May 20, 2014
Technology
15k
0
Share
Heartbleed at Acquia
A quick presentation on how we handled Heartbleed at Acquia. Held at a DevOps Boston meetup.
Marc Seeger
May 20, 2014
More Decks by Marc Seeger
See All by Marc Seeger
Security in DECT
rb2k
2
190
The DIRAC video codec
rb2k
1
94
Communitygetriebene Android Systemerweiterungen
rb2k
1
59
Alternative infrastructure
rb2k
1
190
NoSQL Lunch and Learn
rb2k
9
8.6k
Lunch and Learn: Cucumber and Capybara
rb2k
7
22k
Other Decks in Technology
See All in Technology
アプリブロック機能のつくりかたと、AIとHTMLの不合理な相性の良さについて
kumamotone
1
260
障害対応のRunbookは作った、でも本当に動くの? AWS FIS で EKS の AZ 障害を再現してみた
tk3fftk
0
100
既存プロダクトQAから新規プロダクトQAへ
ryotakahashi
0
160
なぜ、IAMロールのプリンシパルに*による部分マッチングが使えないのか? / 20260518-ssmjp-iam-role-principal
opelab
1
130
Oracle Cloud Infrastructure presents managed, serverless MCP Servers for Oracle AI Database
thatjeffsmith
1
360
How to learn AWS Well-Architected with AWS BuilderCards: Security Edition
coosuke
PRO
0
150
Gaussian Splattingの実用化 - 映像制作への展開
gpuunite_official
0
200
AIエージェントの支払い基盤 AgentCore Payments概要
kmiya84377
2
200
データモデリング通り #5オンライン勉強会: AIに『ビジネスの文脈』を教え込むデータモデリング
datayokocho
0
290
AI-Assisted Contributions and Maintainer Load - PyCon US 2026
pauloxnet
1
170
The Bag-of-Documents Model for Query Understanding and Retrieval
dtunkelang
0
150
Redmine次期バージョン7.0の注目新機能解説 — UI/UX強化と連携強化を中心に
vividtone
1
170
Featured
See All Featured
The untapped power of vector embeddings
frankvandijk
2
1.7k
Test your architecture with Archunit
thirion
1
2.2k
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
szymonslowik
1
1.1k
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
1k
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
560
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
10
1.2k
Marketing Yourself as an Engineer | Alaka | Gurzu
gurzu
0
190
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
530
The Pragmatic Product Professional
lauravandoore
37
7.3k
Designing for humans not robots
tammielis
254
26k
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
390
Art, The Web, and Tiny UX
lynnandtonic
304
21k
Transcript
Marc Seeger (@rb2k) Boston Devops Meetup May 20th 2014 at
Act 1: Technology
How it all started 7:24 PM
How it all started 7:30 PM
How it all started 7:26 PM
How it all started 7:33 PM
How it all started
Quick risk assessment Lucid: [00:35:27]
[email protected]
:~# openssl version OpenSSL 0.9.8k
25 Mar 2009 ! Precise: [00:34:37]
[email protected]
:~# openssl version OpenSSL 1.0.1 14 Mar 2012
Where’s Waldo OpenSSL 8000 EC2 Machines: - 99.9% of them
puppetized - Candidates: - Balancers - SVN Servers - Appliances - ELBs - 3rd party AMIs - Unique little snowflakes (Jira, Crucible,…)
Let the patching begin
Rollout Australia: ! Con: - Spiders - Snakes ! Pro:
- Ops is awake
Rollout
Scan www
Waiting on ELBs…
Internal Certificates
Suddenly: “reverse” Heartbleed
Act 2: Communication
Internal • Pre-determined chat rooms • Dial-in conference bridges •
A communication plan Thanks SSAE-16, PCI and FedRAMP… I guess :)
Statuspage + Twitter * Powered by StatusPage.io *
Documentation https://docs.acquia.com/articles/heartbleed-acquia-cloud
Proactive communication Phone calls by Acquia support, TAMs, …
Since then: Post mortem
Since then: Incident Commander (shamelessly stolen from Heroku) http://en.wikipedia.org/wiki/Incident_command_system
Since then: Dedicated resource to vet security threats
Since then: Clean up intranet docs
Since then: Additional tooling
We’re hiring (shameless self promotion) bit.ly/acquiajobs
rb2k
kumamotone
tk3fftk
ryotakahashi
opelab
thatjeffsmith
coosuke
gpuunite_official
kmiya84377
datayokocho
pauloxnet
dtunkelang
vividtone
frankvandijk
thirion
szymonslowik
tamaranovitovic
inesmontani
addyosmani
gurzu
reverentgeek
lauravandoore
tammielis
lynnandtonic
![Quick risk assessment Lucid: [00:35:27] [email protected]:~# openssl version OpenSSL 0.9.8k](https://files.speakerdeck.com/presentations/9c065900c310013186c31652ff098141/slide_7.jpg){kind=link}
