My latest at ProfHacker: A Not-so-gentle Reminder about Security: Heartbleed

A couple of days before yesterday’s post was scheduled to run, we started hearing about the Heartbleed Bug.

This is a nasty one. It’s been out for quite a while, and it’s a flaw in a software library that’s used by a very high number of websites. Check the link above for the details of just how nasty the bug is.

What can readers do to protect their data?

An important part of the necessary response is beyond any individual user’s control. If a website was using the affected version of OpenSSL, its administrators have to apply the needed patch; until they do, the site is still vulnerable (and there may not be much point to changing your password until the patch is applied). CNET is keeping (and updating) a list of the top 100 sites with information about whether they’re still vulnerable, have been patched, or weren’t vulnerable in the first place; it’s a good place to keep checking.

This is also a good time to pay attention to those emails (that you might ignore at other times) from the services you use most frequently; while such emails are frequently little more than advertising, this time around they might not be. At least open them up to check.

You might not want to depend on CNET’s list or wait for those emails, though. Some makers of password managers are currently providing online checkers, as PCWorld noted April 9. Those checkers might not be perfect, but they’re not a bad place to start.

Once a vulnerable site is patched, things are back in your hands, and it’s time to change your passwords on the affected sites. Here’s where a password manager may, once again, be a very useful tool, as it can generate strong passwords for you that you needn’t remember, so long as you can recall your master password. And two-factor authentication is still worth the time and trouble.

Did the Heartbleed Bug affect many of the sites you use? How well did those sites do with communication regarding the bug? Has the situation been resolved? Let us know in the comments.

[CC-licensed image by Flickr user Steve Brand]

from ProfHacker » Amy Cavender, ProfHacker – Blogs – The Chronicle of Higher Education

My latest at ProfHacker: A Gentle Reminder about Security


[Editor's note: We will publish a follow-up post next week about the Heartbleed Bug, which has been making headlines this week.]

There are a lot of benefits to doing much of our work online. Collaboration with far-away colleagues is easy, we can have ready access to our work no matter what device we’re using, and having our work backed up in the cloud can be reassuring.

But there’s danger as well, unfortunately. In just the past two months, at least four universities in the United States have been victims of data breaches: the University of Maryland, Indiana University, Johns Hopkins University, and the North Dakota University system. That’s more than a little frightening, and there isn’t always a lot we can do (at least, not directly) when others are responsible for keeping our data safe.

When we’re the ones responsible for securing our data, however, there are some steps we can take. We could take the William Adama approach and simply refuse to use networked computers. Period. Most of us aren’t likely to find that approach either realistic or attractive, of course, so we need to take reasonable precautions to make sure our data is protected.

Fortunately, there are some useful things that are fairly simple to do, if the data you’re working with needs to be secure. If it does, the following courses of action might be helpful:

  • Consider using a “zero-knowledge” cloud service such as Spideroak for your most sensitive files.
  • Encrypt your files before backing them up or syncing them via a cloud service.
  • Use a password manager to create strong passwords that you don’t have to remember yourself (just be sure you don’t forget your master password!).
  • Use two-factor authentication with any service that offers it.
  • Be sure to secure your phone and/or tablet with a passcode.

What additional approaches to security would you recommend to other readers? Let us know in the comments.

[CC-licensed photo by Flickr user Uwe Hermann]

from ProfHacker » Amy Cavender, ProfHacker – Blogs – The Chronicle of Higher Education

Planning for a Thursday Brown-Bag

This coming Thursday, I’ve been asked to participate in a brown-bag session on my campus focusing on institutional repositories, open access, and digital scholarship. I’ve been asked to take up the last of those three, and I’ve been spending some time today thinking about what to say.

I won’t have much time, especially since we’ll want to leave time for questions and conversation. Still, even if I only have ten minutes or so, I think I can give my colleagues some good things to think about, especially if I also provide a handout (digitally, of course!). So here’s what I’m thinking:

If time permits, I might mention a few tools, but I suspect that’s better saved for a handout, given time constraints. (The ones for Literary New Orleans would be great if time allows, since they’re tools that don’t have a steep learning curve.)

Thus endeth my Day of DH 2014 — which has actually been pretty typical.

from Day of DH 2014: Amy Cavender


A good chunk of my work day involves reading, which is unsurprising. Part of that reading is keeping up with what other academics are doing, not just in formal publications, but in their day-to-day writing. To help me with that, I subscribe to a good number of RSS feeds, which I typically read during the lunch hour.

Today I came across two gems. Neither one is about digital humanities in the sense of text mining or GIS, but both address issues that people who care about digital scholarship tend to think about a lot.

The first is from fellow ProfHacker Brian Croxall, who is also participating in Day of DH: “Digital Identity.”

The second is from Catherine Pellegrino, one of my colleagues here at Saint Mary’s, and should be of interest to those who think open access is important: “Walking the walk may be trickier than it first appears: An open access publishing story.”

Both pieces are well worth the time it takes to read them (and neither will take very long).

from Day of DH 2014: Amy Cavender