pwaller – ScraperWiki Extract tables from PDFs and scrape the web Tue, 09 Aug 2016 06:10:13 +0000 en-US hourly 1 58264007 Scraperwiki’s response to the Heartbleed security failure Wed, 09 Apr 2014 17:07:17 +0000 Et tu, HeartbleedFailure

“Catastrophic” is the right word. On the scale of 1 to 10, this is an 11.

― Security expert, Bruce Schneier, responds to Heartbleed

On Monday the 7th of April 2014, a software flaw was identified which exposed approximately two thirds of the web to the risk of catastrophic security failure. The flaw has been dubbed “Heartbleed“.

The potential for exploiting this has now been mitigated by many providers, including ScraperWiki. The ramifications are only slowly becoming understood.

We at ScraperWiki recommend that you change your passwords on all websites of importance to you, especially with your bank, email and anything that can be used to impersonate you; regardless of whether you have used those passwords anywhere else.

What’s the problem?

It turns out that there was a programming mistake in a piece of software
which underpins a significant portion of the web. Anyone who understood the mistake could ask most websites on the internet to tell them the credentials (passwords and usernames) of random people.

On Monday night, the mistake became known to hundreds of thousands of people around the world, good guys and bad. Since the attack can be automated to rapidly divulge potentially millions of credentials, it is very likely that large numbers of our passwords are now compromised.

The nature of the leak means that it is very difficult if not impossible to know if information was stolen for the whole time the mistake was present, since 2012. However, as of writing, there is no positive evidence that it was exploited before the announcement on Monday evening.

What does that mean?

It means that for a period of approximately 12-48 hours anyone could download a program which could be pointed at many websites on the internet — including the likes of banks, social media websites, email and ScraperWiki — and obtain passwords for users who recently logged in, along with other data which could be used to impersonate them, with no audit trail.

How has ScraperWiki responded?

Immediately upon learning of the vulnerability, we upgraded our servers and restarted them, making them safe against this attack.

Out of an abundance of caution we re-keyed our servers, obtained new SSL certificates and invalidated all login sessions – meaning you will have had to re-enter your password to access your data on ScraperWiki.

We’ve also reviewed our security practices and beefed up our servers to enable the latest encryption technology to keep your ScraperWiki credentials and data safe, should other attacks of this nature be discovered.

The effects of Heartbleed may be felt for some time. The internet hosts of the world are reeling from this event. It is worth your while to take a moment to protect yourself by changing your passwords now.

A person, slowly gulping and blinking with text reading

A systems administrator hearing about heartbleed for the first time
(courtesy of “Devops reactions“)


Hi, I’m Peter Mon, 12 Aug 2013 16:06:42 +0000 avatar.. and I’m the new guy. I’ve just completed my PhD in particle physics on the ATLAS experiment at CERN. I loved the physics (because “searching for extra dimensions of space” sounds so cool!) but after 8 years I decided I wanted to do something different. At heart, I’m a programmer and a hacker who is fascinated by computers and the immense power they put in your hands. We live in an age where a single person can sift through billions of records in an instant. Even today I repeatedly find myself saying “we live in the future, Man”. Yet we take Google (or DuckDuckGo) for granted.

On my travels I have spent a lot of time with the lower levels of the machine, writing an optimized data format for ATLAS’ huge amount of data. I also collaborated with friends on a tool for visualizing the nature of our proton collisions. My default state is to be immersed in code and data.

I was searching for a new job to start my future career outside of academia and there was little to be found. Outside of London or Silicon Valley, there seemed to be very few companies in the world — let alone in my locality — which understood who I was and what made me tick. It is very fortuitous that I’ve found myself working with this band of awesome people on stuff we care about at ScraperWiki.

In the short term, the focus of my efforts will be building tools for ScraperWiki’s new platform and enhancing the platform itself to make it work faster so that we can provide deeper value to our customers. In the medium term I’m hoping to introduce Docker to our toolset and eventually expose it to our users, so that you can trivially run your tools and code anywhere!

Think I might be able to help you? Shoot me a mail.