[OPLIN 4cast] OPLIN 4cast #531: Welcome to the latest internet security disaster...maybe

OPLIN Support via OPLIN4cast oplin4cast at lists.oplin.org
Wed Mar 1 10:30:15 EST 2017



OPLIN 4cast #531: Welcome to the latest internet security disaster...maybe
March 1st, 2017

Hopefully, last Thursday, you weren't hiding under a rock, because a major
news story broke about a serious internet security threat. Experts deem the
flaw, dubbed "Cloudbleed," to be as huge as the 2014 Heartbleed bug
<http://heartbleed.com/>. Cloudbleed is so named because it originates from
Cloudflare, the security company behind some of the largest websites on the
net: Uber, Fitbit, Medium and Yelp, for starters (full list here
<https://github.com/pirate/sites-using-cloudflare>).


The good news? Once it was found, it was patched pretty quickly, and
experts believe it may not have been widely exploited while it was out in
the wild. The bad news? This leak may have been going on from as early as
September 2016. How much user information is now online is debatable, and
experts aren't even agreeing on whether or not you should change your
passwords (our take? Yeah, you should; it can't hurt).

- CloudBleed: Should You Reset Your Passwords?
  <http://fortune.com/2017/02/25/cloudbleed-password-security/> [Fortune]
  "And while Google is reportedly working to scrub its own archives, the
  data will likely continue floating around in a variety of other public
  and private caches. That, plus the huge scope and scale of the problem,
  means that security-conscious web users should reset their passwords—all
  of them."
- What You Need to Know About Cloudbleed
  <http://nymag.com/selectall/2017/02/what-is-cloudbleed-cloudflare.html>
  [Select/All]
  "Do you have to, as Gizmodo put it
  <http://gizmodo.com/cloudbleed-password-memory-leak-cloudflare-1792709635>,
  'Change Your Passwords. Now'? Not necessarily. Much of that hand-wringing
  comes from an enormous list of sites that use Cloudflare, whose author
  admits, “just because a domain is on the list does not mean the site is
  compromised, and sites may be compromised that do not appear on this
  list.”"
- Why you shouldn't freak out (yet) about the 'Cloudbleed' security leak
  <http://money.cnn.com/2017/02/24/technology/cloudflare-cloudbleed-security-vulnerability/>
  [CNN Tech]
  "Caution is warranted, though. Ryan Lackey, a security entrepreneur who
  formerly worked at Cloudflare, said since people can't be certain what
  information, if any, was affected, they may want to change their
  passwords."
- Massive Bug May Have Leaked User Data From Millions of Sites. So … Change
  Your Passwords
  <https://www.wired.com/2017/02/crazy-cloudflare-bug-jeopardized-millions-sites/>
  [Wired]
  "To mitigate whatever risk does remain, security researcher and former
  Cloudflare employee Ryan Lackey suggests changing every password for
  every online account, since the “Cloudbleed” leak could have exposed
  anything."

*From the Ohio Web Library <http://ohioweblibrary.org>:*

   - Everything You Need to Know About Cloudbleed, the Latest Internet
   Security Disaster
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=pwh&AN=00411460f7c92d2124a67ea0f4cb5f850027>
   (*FARS News Agency*, *Points of View Reference Center*, EBSCO*host*
   (accessed February 27, 2017)).
   - Heartbleed Remains a Risk 2 Years After It Was Reported
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=voh&AN=114376451&site=ehost-live>
   (Kerner, S. M. (2016). Heartbleed Remains a Risk 2 Years After It Was
   Reported. *Eweek*, 3.)

(Featured image from
https://medium.com/@octal/cloudbleed-how-to-deal-with-it-150e907fd165#.f755e9sqp)
------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL:
   http://www.oplin.org/4cast/index.php/?feed=rss2.
   - *Live Bookmark.* If you're using the Firefox web browser, you can go
   to the 4cast website (http://www.oplin.org/4cast/) and click on the
   orange "radio wave" icon on the right side of the address bar. In Internet
   Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
   feed.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (à la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   <http://lists.oplin.org/mailman/listinfo/OPLIN4cast>.
