Heartbleed at Acquia
Marc Seeger
May 20, 2014
Technology
A quick presentation on how we handled Heartbleed at Acquia. Held at a DevOps Boston meetup.
Transcript
Marc Seeger (@rb2k) Boston Devops Meetup May 20th 2014 at
Act 1: Technology
How it all started 7:24 PM
How it all started 7:30 PM
How it all started 7:26 PM
How it all started 7:33 PM
How it all started
Quick risk assessment
Lucid:
[00:35:27] [email protected]:~# openssl version
OpenSSL 0.9.8k 25 Mar 2009
Precise:
[00:34:37] [email protected]:~# openssl version
OpenSSL 1.0.1 14 Mar 2012
Where’s Waldo OpenSSL?
8000 EC2 machines:
- 99.9% of them puppetized
- Candidates:
  - Balancers
  - SVN servers
  - Appliances
  - ELBs
  - 3rd party AMIs
  - Unique little snowflakes (Jira, Crucible, …)
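The two slides above are the triage step: read `openssl version` on each box and decide which fleet members matter. As an added example (not from the talk or from Acquia), here is a small Python classifier for that step, using the published Heartbleed version ranges; the host names and inventory are constructed, and the note about backported distro fixes is general knowledge, not something the slides state.

```python
import re

# Heartbleed affected OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1; 1.0.1g
# and 1.0.2-beta2 carry the fix; 0.9.8 and 1.0.0 never shipped the TLS
# heartbeat code, which is why the slide's Lucid box (0.9.8k) is out of scope.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")


def classify(version_output):
    """Classify one line of `openssl version` output as "vulnerable",
    "fixed", "unaffected" or "unknown". "vulnerable" is a triage flag, not
    proof: distros that backported the fix (Ubuntu did for Precise) kept the
    upstream "1.0.1" string, so package version or a runtime check confirms."""
    m = VERSION_RE.search(version_output or "")
    if not m:
        return "unknown"
    major, minor, patch, letter, beta = m.groups()
    branch = (int(major), int(minor), int(patch))
    if branch < (1, 0, 1):
        return "unaffected"
    if branch == (1, 0, 1):
        return "vulnerable" if letter <= "f" else "fixed"
    if branch == (1, 0, 2):
        return "vulnerable" if beta == "1" else "fixed"
    return "unaffected"


def triage(inventory):
    """Bucket hosts by classification. Hosts with no readable output (ELBs,
    appliances, third-party AMIs) land in "unknown" and need manual review."""
    buckets = {"vulnerable": [], "fixed": [], "unaffected": [], "unknown": []}
    for host, output in sorted(inventory.items()):
        buckets[classify(output)].append(host)
    return buckets


# Constructed inventory: the two outputs quoted on the slide plus
# hypothetical hosts covering the remaining classes.
SAMPLE_INVENTORY = {
    "lucid-web-01": "OpenSSL 0.9.8k 25 Mar 2009",
    "precise-web-01": "OpenSSL 1.0.1 14 Mar 2012",
    "precise-web-02": "OpenSSL 1.0.1g 7 Apr 2014",
    "build-box": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "elb-frontend": None,  # no shell on an ELB: version unknown
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:11s} {', '.join(hosts) or '-'}")
```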
Let the patching begin
Rollout: Australia
Con:
- Spiders
- Snakes
Pro:
- Ops is awake
Rollout
Scan www
Waiting on ELBs…
Internal Certificates
Suddenly: “reverse” Heartbleed
Act 2: Communication
Internal
• Pre-determined chat rooms
• Dial-in conference bridges
• A communication plan
Thanks SSAE-16, PCI and FedRAMP… I guess :)
Statuspage + Twitter (powered by StatusPage.io)
Documentation https://docs.acquia.com/articles/heartbleed-acquia-cloud
Proactive communication Phone calls by Acquia support, TAMs, …
Since then: Post mortem
Since then: Incident Commander (shamelessly stolen from Heroku) http://en.wikipedia.org/wiki/Incident_command_system
Since then: Dedicated resource to vet security threats
Since then: Clean up intranet docs
Since then: Additional tooling
We’re hiring (shameless self promotion) bit.ly/acquiajobs