Colm MacCárthaigh, who was Principal Engineer for Amazon Web Services Elastic Load Balancer five years ago, posted an interesting recollection of his experience the day the Heartbleed bug went public. OpenSSL was widely used across AWS, and the team there basically dropped everything to hot patch millions of deployments, then took many other steps over the following hours and days to mitigate the damage. It’s a fascinating story if you’re familiar with information security, or even just minimally familiar with the infrastructure that keeps the internet going.
Great read, but I wish the dude had a blog. There are few things worse than reading 25+ Twitter posts. This is a little easier -> https://threader.app/thread/1114944298246660100
Thanks. I almost skipped this read because of the format. You gave me a way to read it.
Series of tweets made from something that should be a blog post? Please, don’t legitimise such idiocies by linking to them, no matter what content.
My summary: The whole world depended on a security library that was extended with a useless feature that was stupidly insecure. A few people worked exactly the way you should when it comes to security, and soon the world was secure again and everyone lived happily ever after.
I reformatted the tweetstorm into something that reads more like a blog post.