Tag Archives: Technical

The Heartbleed Bug and the Zooniverse

On Monday Internet security researches discovered a critical vulnerability in a piece of of software called OpenSSL. The so-called Heartbleed vulnerability affected numerous sites on the Internet that rely on OpenSSL to provide encrypted connections over HTTPS. This bug has been present in the library since March of 2012 and allows malicious users to gain direct access to the memory of a server terminating an HTTPS connection.

We want to let our users know that we were among almost 66% of sites on the Internet vulnerable to this bug, and your data (including your Zooniverse password) might have been compromised due to this exploit. As of now, all our infrastructure has been updated to secure against the Heartbleed vulnerability, and our SSL certificates have been changed.

Unfortunately given the nature of the vulnerability we cannot know what, if anything, may have been obtained, but as a precaution we are recommending that our users change their passwords on the Zooniverse just in case.

 

User accounts migration

This morning we made some major changes to the way you manage your account with Galaxy Zoo and the Zooniverse. Previously all account management (e.g. changing your email address) was done through the Galaxy Zoo site however the changes that we made this morning have moved those pages to the Zooniverse Home.

From the Zooniverse you can now manage your profile for both the projects (such as Galaxy Zoo) and also any of the Zooniverse forums. I’ve recorded a quick screencast demonstrating the changes here.

As part of the update today we also upgraded the Galaxy Zoo forum to the latest (and greatest) version of SMF. The changes we made today were made possible by the hard work of the whole Zooniverse developer team, in particular Jarod Luebbert and Pamela Gay – thanks for your help guys!

We hope you like the changes!

Cheers
Arfon