“Heartbleed”? Sounds like you should see a doctor…

Well, that doesn’t look good…

You might have been hearing a lot on the news and over the internet lately about a thing called “Heartbleed”, and how a lot of your passwords and various log-in information across websites may be compromised. It’s kind of a big deal, so let’s talk about what you need to know about the issue.

The Short Explanation

Heartbleed is a bug that affects the way your browser talks to a website over an encrypted channel. Someone wanting to use this bug maliciously could theoretically take advantage of it to get around the security measures put in place by sensitive online locations like bank websites or e-commerce sites, and steal passwords and other sensitive information. Not cool.

The Longer Explanation

Heartbleed is a flaw in the OpenSSL implementation of SSL, a basic cryptographic protocol that secures Web communications. It’s been hiding in the OpenSSL software for a long time. SSL stands for “Secure Sockets Layer”, and essentially makes sure that your connection to a website that requires the transmission of private information (like credit card numbers and Social Security Numbers) is encrypted and secure. For instance, you know SSL is being used on a website like Amazon.com because of the “s” at the end of the “http” line in the web address (the lock image is a nice touch, too).

Note the “s” at the end of the “http” line.

Basically, it makes it so that your neighbor can’t “see” what you’re doing over your connection while you’re shopping or banking or whatever.

OpenSSL is an open-source implementation of SSL, and is used pretty heavily by the Apache and nginx Web servers. These two servers combined power almost two-thirds of all active websites on the internet, which is a lot!

The Heartbleed bug affects an extension in OpenSSL called “heartbeat”, essentially making it possible for malicious users of the web to request data from a Web server’s memory and “see” that previously secure data. That kind of data could include sensitive information. People abusing this flaw could then take that data and impersonate services and users.
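The missing check behind the heartbeat flaw described above, as an added example that is not from the original post or from OpenSSL: a simplified Python model of a heartbeat handler before and after the fix. The message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows RFC 6520; the function names, the simulated `memory` buffer and the sample data are constructed for illustration.

```python
import struct

MIN_PADDING = 16        # RFC 6520: at least 16 padding bytes follow the payload
HEARTBEAT_REQUEST = 1   # RFC 6520 message type for a request
HEADER_LEN = 1 + 2      # 1-byte type + 2-byte payload length


def naive_response(memory: bytes, record_len: int) -> bytes:
    """Pre-fix behaviour, simulated: trust the sender's length field.

    `memory` models the server buffer holding the received record followed
    by unrelated data; `record_len` (how many bytes really arrived) is
    ignored here, which is the bug.
    """
    _msg_type, claimed = struct.unpack_from("!BH", memory, 0)
    # Nothing compares `claimed` with `record_len`, so the echo can run past
    # the end of the request into whatever sits next to it in memory.
    return memory[HEADER_LEN:HEADER_LEN + claimed]


def checked_response(memory: bytes, record_len: int):
    """Post-fix behaviour: silently discard a message whose length field lies."""
    if record_len < HEADER_LEN + MIN_PADDING:
        return None  # too short to be a valid heartbeat message at all
    msg_type, claimed = struct.unpack_from("!BH", memory, 0)
    if HEADER_LEN + claimed + MIN_PADDING > record_len:
        return None  # claimed payload does not fit in what was received
    if msg_type != HEARTBEAT_REQUEST:
        return None
    return memory[HEADER_LEN:HEADER_LEN + claimed]


def build_request(payload: bytes, claimed_len: int) -> bytes:
    """Constructed test message: type, 16-bit length, payload, padding."""
    header = struct.pack("!BH", HEARTBEAT_REQUEST, claimed_len)
    return header + payload + bytes(MIN_PADDING)


# Constructed sample data: one well-formed request, one whose length field
# claims 40 bytes while carrying 4, and simulated neighbouring server data.
ADJACENT = b"user=alice&password=constructed-sample"
honest = build_request(b"ping", 4)
malformed = build_request(b"ping", 40)

if __name__ == "__main__":
    for name, msg in (("honest", honest), ("malformed", malformed)):
        buf = msg + ADJACENT
        print(name, naive_response(buf, len(msg)), checked_response(buf, len(msg)))
```

The checked handler returns nothing for the malformed message, matching the RFC's instruction to discard it silently; a real response would also carry its own type, length and padding, which this model leaves out.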

The Problem in a (reasonably sized) nutshell

Data leakage is obviously the main issue. A companion problem is that it’s actually really difficult to tell if someone is exploiting this bug, which makes it really difficult to tell if you are or have been a potential victim. Since the bug has been around since about late 2013, it’s possible that there’s been a lot of undetected shenanigans going on all over the internet if people of questionable character have come across the bug. There’s a lot of room for these people to have messed with a lot of secure data and communications.

Since you can’t actually tell if a site you’ve visited or a site you own has been a victim of inappropriate activity, the best you can do is the following:

  • Test your site or the site you’re visiting to see if it’s vulnerable. You can do that by following this link and the instructions there.
  • If you find out a site you own is vulnerable, update your version of OpenSSL to version 1.0.1g, which addressed the Heartbleed problem.
  • As a general user of the internet, a good idea might be to change your usernames and passwords for sites you do business with. Just make sure the site has addressed this problem first, or the credentials update will be a little moot; if the security problem hasn’t been fixed yet, you’d just be providing new data that could just as easily be stolen.
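For site owners working through the update step above, a small added example (not from the original post) that classifies the line printed by `openssl version`. It assumes the upstream affected range of 1.0.1 through 1.0.1f plus 1.0.2-beta1, with 1.0.1g as the fixed release named above; the function names and the host inventory are constructed for illustration.

```python
import re

# Matches e.g. "OpenSSL 1.0.1f 6 Jan 2014" or "OpenSSL 1.0.2-beta1 24 Feb 2014".
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d+))?")


def heartbleed_status(version_line: str) -> str:
    """Classify an `openssl version` line against the upstream affected range."""
    m = VERSION_RE.search(version_line)
    if not m:
        return "unknown"  # not an OpenSSL version string we can parse
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if release == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f are affected; 1.0.1g has the fix.
        return "affected" if letter < "g" else "fixed"
    if release == (1, 0, 2) and beta == "beta1":
        return "affected"
    return "not affected"  # other branches never shipped the flawed code


def audit(inventory: dict) -> dict:
    """Map each host name to the status of its reported version line."""
    return {host: heartbleed_status(line) for host, line in inventory.items()}


# Constructed inventory: host names are placeholders, version lines follow
# the format that `openssl version` prints.
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.0.1f 6 Jan 2014",
    "web-02": "OpenSSL 1.0.1g 7 Apr 2014",
    "legacy": "OpenSSL 0.9.8y 5 Feb 2013",
    "fips":   "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "other":  "not an openssl banner",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Distribution packages often backport the fix without changing the upstream version letter, so an "affected" result means checking the vendor's advisory for that package rather than assuming the server is exposed.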

For more information about the Heartbleed bug, you can visit Codenomicon.com for the latest news or Heartbleed.com for more in-depth information about the bug.

Beyond the COM: Library Team Field Trip to the Downtown Public Library

Two weekends ago, the library staff was able to get out of the office and spend an afternoon together at the Orange County Public Library in Downtown Orlando. Specifically, we dropped in to visit the Dorothy Lumley Melrose Center for Technology, Innovation and Creativity. We tweeted about the visit at the time; check out our Twitter account if you missed hearing about it or want to see additional pictures!

Audio Production Studio at the Melrose Center

The center itself is located on the 2nd floor of the library, and covers 26,000 square feet of space. Guests in the center have access to the Video Production Studio, Audio Production Studio, Photography Studio, Simulation Lab, Fabrication Lab, and much more. Further, the library offers lots of classes each month, and provides top software to use on all of the computers in the center.

Prior to use, all interested users need to complete a general orientation and register for a photo-ID card, which is used to access the center’s services. Patrons must also complete a separate orientation and training for each specialized studio or lab they want to use before that resource can be used.

Our boss, Nadine, enjoying the giant Interactive Wall.

Perhaps the most impressive part of these offerings is that most of the services are absolutely FREE to Orange County Library District cardholders; if you already have an Orange County Library Card, you’re halfway to enjoying the center to the fullest! Patrons outside of the Orange County Library District can also enjoy the center at a reasonable charge. For more information on booking fees for cardholders and non-cardholders, you can check out their website.

One of the main reasons we decided to visit the Melrose Center was because we heard they had a 3D printer in their possession. Lately, we’ve been really interested in 3D printers and what they can do. It’s been interesting to think about 3D printers in the context of how they could be used in medical education. We’d never seen one up close and in person, so when we saw we could get a demo of one, we were pretty excited about it. Printing an object can take some time, but the staff member we worked with chose a small and simple object to print, and the whole process took around 5 minutes or so to complete. The printer being used at the time was the MakerBot Replicator 2.

Here’s a short video of that demo for you to enjoy! You’ll hear briefly about what 3D printing entails, how the printer prints, and what sort of maintenance a 3D printer requires. (If you have difficulty hearing the voice audio, turn on Closed Captioning!)

Incidentally, this video was made and edited in iMovie – the iOS App and the desktop version! If you want to know more about making your own short movies in iMovie, feel free to come by the Health Sciences Library and Natasha can give you a quick demo.

Our library’s mission is to provide the COM students, staff, faculty, and community with evidence-based information resources using the latest innovative technology. We want to support the education, research, and patient-care initiatives of the College in a number of ways. This trip allowed us to get a close look at what some of our colleagues in the public library system are doing with cool new technology for their patrons. The more we learn about what others are doing, the more innovations we can work to bring to our library space to share with the COM.
