April 8th, 2014 was a pretty exciting day for me.
After admiring OpenDNS as a researcher, and then as a customer, I officially began working at the company as Director of Security Engineering. For the prior 6+ years, I had been Director of Security Operations at Yahoo!, having built a rock star team of security engineers. I learned a lot there about scale, building resilient systems, and protecting user data. It’s refreshing to land in a place surrounded by like-minded individuals where security is a core competency.
As it turned out, the timing of my landing couldn’t have been planned better.
During new hire orientation, the full impact of the Heartbleed OpenSSL Vulnerability started to hit news outlets and IT departments around the globe. By the time I received my shiny new MacBook Pro, I already had an inbox full of activity. The OpenDNS infrastructure team was on the move, checking our systems for Heartbleed-related exposures, and assessing (if required) any mitigations.
I’m happy to report that no production systems that pass user traffic or user credentials were impacted by this vulnerability.
Unfortunately, several other companies didn’t get off so easily. The vulnerability window included versions of OpenSSL which have been around for over 2 years. Some sites have already upgraded to a fixed release, which you can check via http://filippo.io/Heartbleed/. However, there is no way to know if any given company was vulnerable, unless they disclose that information to their users.
To be on the safe side, take this opportunity to change your password for sites you visit that may use OpenSSL, such as banking and e-commerce sites. I sure will be!
Although it wasn’t an ideal first day, it was amazing to see the collaboration between teams working the issue at OpenDNS. Teams in both our Vancouver and San Francisco offices were able to communicate efficiently and identify any potential issues on our end. I consider myself lucky to join such an agile team.
I can’t wait to see how tomorrow unfolds. Barring any 0day announcements, I’m looking forward to sinking my teeth into the products and working with customers to help them realize what I did the first time I saw the product demos: OpenDNS truly allows the world to connect with confidence anywhere, on any device, at any time.