Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Heartbleed at Acquia
Search
Marc Seeger
May 20, 2014
Technology
0
13k
Heartbleed at Acquia
A quick presentation on how we handled Heartbleed at Acquia. Held at a DevOps Boston meetup.
Marc Seeger
May 20, 2014
Tweet
Share
More Decks by Marc Seeger
See All by Marc Seeger
Security in DECT
rb2k
2
130
The DIRAC video codec
rb2k
1
66
Communitygetriebene Android Systemerweiterungen
rb2k
1
49
Alternative infrastructure
rb2k
1
160
NoSQL Lunch and Learn
rb2k
9
8.3k
Lunch and Learn: Cucumber and Capybara
rb2k
7
19k
Other Decks in Technology
See All in Technology
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
6
830
Building a RAG-powered AI chat app with Python and VS Code
pamelafox
0
110
今年のRubyKaigiはProfiler Year🤘
osyoyu
0
190
Janus
bkuhlmann
1
490
web-application-security
matsuihidetoshi
0
170
リテール金融(キャッシュレス・ネット銀行・ネット証券)の競争環境と経済圏
8maki
0
1.3k
KubeConにproposalを送りたい人へのアドバイス
sat
PRO
3
260
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
1
540
Java EE/Jakarta EEの現状と将来 ―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
170
ChatworkのSRE部って実は 半分くらいPlatform Engineering部かもしれない
saramune
0
160
家族アルバム みてねにおけるGrafana活用術 / Grafana Meetup Japan Vol.1 LT
isaoshimizu
1
790
Cypress or Playwright?
rainerhahnekamp
0
130
Featured
See All Featured
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
116
18k
YesSQL, Process and Tooling at Scale
rocio
164
13k
Code Reviewing Like a Champion
maltzj
514
39k
Imperfection Machines: The Place of Print at Facebook
scottboms
260
12k
Debugging Ruby Performance
tmm1
70
11k
How GitHub (no longer) Works
holman
304
140k
Into the Great Unknown - MozCon
thekraken
10
1k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
40
4.4k
The Cult of Friendly URLs
andyhume
74
5.7k
How STYLIGHT went responsive
nonsquared
92
4.8k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
7
1k
Transcript
Marc Seeger (@rb2k) Boston Devops Meetup May 20th 2014 at
Act 1: Technology
How it all started 7:24 PM
How it all started 7:30 PM
How it all started 7:26 PM
How it all started 7:33 PM
How it all started
Quick risk assessment Lucid: [00:35:27]
[email protected]
:~# openssl version OpenSSL 0.9.8k
25 Mar 2009 ! Precise: [00:34:37]
[email protected]
:~# openssl version OpenSSL 1.0.1 14 Mar 2012
Where’s Waldo OpenSSL 8000 EC2 Machines: - 99.9% of them
puppetized - Candidates: - Balancers - SVN Servers - Appliances - ELBs - 3rd party AMIs - Unique little snowflakes (Jira, Crucible,…)
Let the patching begin
Rollout Australia: ! Con: - Spiders - Snakes ! Pro:
- Ops is awake
Rollout
Scan www
Waiting on ELBs…
Internal Certificates
Suddenly: “reverse” Heartbleed
Act 2: Communication
Internal • Pre-determined chat rooms • Dial-in conference bridges •
A communication plan Thanks SSAE-16, PCI and FedRAMP… I guess :)
Statuspage + Twitter * Powered by StatusPage.io *
Documentation https://docs.acquia.com/articles/heartbleed-acquia-cloud
Proactive communication Phone calls by Acquia support, TAMs, …
Since then: Post mortem
Since then: Incident Commander (shamelessly stolen from Heroku) http://en.wikipedia.org/wiki/Incident_command_system
Since then: Dedicated resource to vet security threats
Since then: Clean up intranet docs
Since then: Additional tooling
We’re hiring (shameless self promotion) bit.ly/acquiajobs
rb2k
shoota
pamelafox
osyoyu
bkuhlmann
matsuihidetoshi
8maki
sat
baseballyama
takakiyo
saramune
isaoshimizu
rainerhahnekamp
malarkey
morganepeng
rocio
maltzj
scottboms
tmm1
holman
thekraken
reverentgeek
andyhume
nonsquared
bluesmoon
![Quick risk assessment Lucid: [00:35:27] [email protected]:~# openssl version OpenSSL 0.9.8k](https://files.speakerdeck.com/presentations/9c065900c310013186c31652ff098141/slide_7.jpg){kind=link}
