Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed at Acquia
Search
Marc Seeger
May 20, 2014
Technology
0
15k
Heartbleed at Acquia
A quick presentation on how we handled Heartbleed at Acquia. Held at a DevOps Boston meetup.
Marc Seeger
May 20, 2014
Tweet
Share
More Decks by Marc Seeger
See All by Marc Seeger
Security in DECT
rb2k
2
160
The DIRAC video codec
rb2k
1
79
Communitygetriebene Android Systemerweiterungen
rb2k
1
54
Alternative infrastructure
rb2k
1
170
NoSQL Lunch and Learn
rb2k
9
8.5k
Lunch and Learn: Cucumber and Capybara
rb2k
7
21k
Other Decks in Technology
See All in Technology
後進育成のしくじり〜任せるスキルとリーダーシップの両立〜
matsu0228
6
1.9k
BirdCLEF+2025 Noir 5位解法紹介
myso
0
190
成長自己責任時代のあるきかた/How to navigate the era of personal responsibility for growth
kwappa
3
240
全てGoで作るP2P対戦ゲーム入門
ponyo877
3
1.3k
動画データのポテンシャルを引き出す! Databricks と AI活用への奮闘記(現在進行形)
databricksjapan
0
140
AI ReadyなData PlatformとしてのAutonomous Databaseアップデート
oracle4engineer
PRO
0
150
許しとアジャイル
jnuank
1
110
Railsアプリケーション開発者のためのブックガイド
takahashim
14
6k
GC25 Recap+: Advancing Go Garbage Collection with Green Tea
logica0419
1
360
Goに育てられ開発者向けセキュリティ事業を立ち上げた僕が今向き合う、AI × セキュリティの最前線 / Go Conference 2025
flatt_security
0
330
タスクって今どうなってるの?3.14の新機能 asyncio ps と pstree でasyncioのデバッグを (PyCon JP 2025)
jrfk
1
240
いまさら聞けない ABテスト入門
skmr2348
1
190
Featured
See All Featured
Faster Mobile Websites
deanohume
310
31k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
GraphQLとの向き合い方2022年版
quramy
49
14k
Into the Great Unknown - MozCon
thekraken
40
2.1k
A better future with KSS
kneath
239
17k
How GitHub (no longer) Works
holman
315
140k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
Java REST API Framework Comparison - PWX 2021
mraible
33
8.8k
Side Projects
sachag
455
43k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.7k
Making the Leap to Tech Lead
cromwellryan
135
9.5k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.4k
Transcript
Marc Seeger (@rb2k) Boston Devops Meetup May 20th 2014 at
Act 1: Technology
How it all started 7:24 PM
How it all started 7:30 PM
How it all started 7:26 PM
How it all started 7:33 PM
How it all started
Quick risk assessment Lucid: [00:35:27]
[email protected]
:~# openssl version OpenSSL 0.9.8k
25 Mar 2009 ! Precise: [00:34:37]
[email protected]
:~# openssl version OpenSSL 1.0.1 14 Mar 2012
Where’s Waldo OpenSSL 8000 EC2 Machines: - 99.9% of them
puppetized - Candidates: - Balancers - SVN Servers - Appliances - ELBs - 3rd party AMIs - Unique little snowflakes (Jira, Crucible,…)
Let the patching begin
Rollout Australia: ! Con: - Spiders - Snakes ! Pro:
- Ops is awake
Rollout
Scan www
Waiting on ELBs…
Internal Certificates
Suddenly: “reverse” Heartbleed
Act 2: Communication
Internal • Pre-determined chat rooms • Dial-in conference bridges •
A communication plan Thanks SSAE-16, PCI and FedRAMP… I guess :)
Statuspage + Twitter * Powered by StatusPage.io *
Documentation https://docs.acquia.com/articles/heartbleed-acquia-cloud
Proactive communication Phone calls by Acquia support, TAMs, …
Since then: Post mortem
Since then: Incident Commander (shamelessly stolen from Heroku) http://en.wikipedia.org/wiki/Incident_command_system
Since then: Dedicated resource to vet security threats
Since then: Clean up intranet docs
Since then: Additional tooling
We’re hiring (shameless self promotion) bit.ly/acquiajobs
rb2k
matsu0228
myso
kwappa
ponyo877
databricksjapan
oracle4engineer
jnuank
takahashim
logica0419
flatt_security
jrfk
skmr2348
deanohume
tanoku
quramy
thekraken
kneath
holman
caitiem20
mraible
sachag
eileencodes
cromwellryan
philnash
![Quick risk assessment Lucid: [00:35:27] [email protected]:~# openssl version OpenSSL 0.9.8k](https://files.speakerdeck.com/presentations/9c065900c310013186c31652ff098141/slide_7.jpg){kind=link}
