

AWS Services Updated to Address OpenSSL Vulnerability - breadtk
https://aws.amazon.com/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability/

======
brryant
I have to give AWS credit for updating their systems so quickly. Despite a bit
of public anger over their lack of transparency (1) they managed to update
thousands, if not tens of thousands of OpenSSL installations in their
datacenter. Truly impressive devops at scale.

(1)
[https://forums.aws.amazon.com/thread.jspa?threadID=149690](https://forums.aws.amazon.com/thread.jspa?threadID=149690)

~~~
sokoloff
I wonder if AWS got an early heads-up from OpenSSL as at least one other major
infrastructure provider (Akamai) did:
[https://blogs.akamai.com/2014/04/heartbleed-faq-akamai-
syste...](https://blogs.akamai.com/2014/04/heartbleed-faq-akamai-systems-
patched.html)

------
benmmurphy
Were AWS API services affected? Is it possible that someone may have stolen
private credentials and is now able to hijack customers accounts?

~~~
thirsteh
Most API requests are signed (using HMAC) with the API secret key, and do not
actually include it, so no, probably. But certainly many other things could
have been read if they were vulnerable.

