Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed at Acquia
Search
Marc Seeger
May 20, 2014
Technology
0
14k
Heartbleed at Acquia
A quick presentation on how we handled Heartbleed at Acquia. Held at a DevOps Boston meetup.
Marc Seeger
May 20, 2014
Tweet
Share
More Decks by Marc Seeger
See All by Marc Seeger
Security in DECT
rb2k
2
160
The DIRAC video codec
rb2k
1
78
Communitygetriebene Android Systemerweiterungen
rb2k
1
53
Alternative infrastructure
rb2k
1
170
NoSQL Lunch and Learn
rb2k
9
8.5k
Lunch and Learn: Cucumber and Capybara
rb2k
7
21k
Other Decks in Technology
See All in Technology
Kiroでインフラ要件定義~テスト を実施してみた
nagisa53
3
390
S3 Glacier のデータを Athena からクエリしようとしたらどうなるのか/try-to-query-s3-glacier-from-athena
emiki
0
240
Amazon Q と『音楽』-ゲーム音楽もAmazonQで作成してみた感想-
senseofunity129
0
160
Foundation Model × VisionKit で実現するローカル OCR
sansantech
PRO
1
400
「Roblox」の開発環境とその効率化 ~DAU9700万人超の巨大プラットフォームの開発 事始め~
keitatanji
0
140
Backlog AI アシスタントが切り開く未来
vvatanabe
1
160
Lambda management with ecspresso and Terraform
ijin
2
170
意志の力が9割。アニメから学ぶAI時代のこれから。
endohizumi
1
100
AI関数が早くなったので試してみよう
kumakura
0
320
生成AIによるデータサイエンスの変革
taka_aki
0
3k
大規模イベントに向けた ABEMA アーキテクチャの遍歴 ~ Platform Strategy 詳細解説 ~
nagapad
0
240
事業特性から逆算したインフラ設計
upsider_tech
0
170
Featured
See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
77
5.9k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
229
22k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3k
Speed Design
sergeychernyshev
32
1.1k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
46
7.6k
Why You Should Never Use an ORM
jnunemaker
PRO
58
9.5k
Testing 201, or: Great Expectations
jmmastey
45
7.6k
Bash Introduction
62gerente
614
210k
Transcript
Marc Seeger (@rb2k) Boston Devops Meetup May 20th 2014 at
Act 1: Technology
How it all started 7:24 PM
How it all started 7:30 PM
How it all started 7:26 PM
How it all started 7:33 PM
How it all started
Quick risk assessment Lucid: [00:35:27]
[email protected]
:~# openssl version OpenSSL 0.9.8k
25 Mar 2009 ! Precise: [00:34:37]
[email protected]
:~# openssl version OpenSSL 1.0.1 14 Mar 2012
Where’s Waldo OpenSSL 8000 EC2 Machines: - 99.9% of them
puppetized - Candidates: - Balancers - SVN Servers - Appliances - ELBs - 3rd party AMIs - Unique little snowflakes (Jira, Crucible,…)
Let the patching begin
Rollout Australia: ! Con: - Spiders - Snakes ! Pro:
- Ops is awake
Rollout
Scan www
Waiting on ELBs…
Internal Certificates
Suddenly: “reverse” Heartbleed
Act 2: Communication
Internal • Pre-determined chat rooms • Dial-in conference bridges •
A communication plan Thanks SSAE-16, PCI and FedRAMP… I guess :)
Statuspage + Twitter * Powered by StatusPage.io *
Documentation https://docs.acquia.com/articles/heartbleed-acquia-cloud
Proactive communication Phone calls by Acquia support, TAMs, …
Since then: Post mortem
Since then: Incident Commander (shamelessly stolen from Heroku) http://en.wikipedia.org/wiki/Incident_command_system
Since then: Dedicated resource to vet security threats
Since then: Clean up intranet docs
Since then: Additional tooling
We’re hiring (shameless self promotion) bit.ly/acquiajobs
rb2k
nagisa53
emiki
senseofunity129
sansantech
keitatanji
vvatanabe
ijin
endohizumi
kumakura
taka_aki
nagapad
upsider_tech
geoffreycrofte
danielanewman
samlambert
eileencodes
sergeychernyshev
chriscoyier
marcelosomers
jcasabona
jnunemaker
jmmastey
62gerente
![Quick risk assessment Lucid: [00:35:27] [email protected]:~# openssl version OpenSSL 0.9.8k](https://files.speakerdeck.com/presentations/9c065900c310013186c31652ff098141/slide_7.jpg){kind=link}
