Overview's response to the Heartbleed security vulnerability

UPDATE: we have installed our new SSL certificates. If you are an Overview user, you should have received and email asking you to reset your password, by clicking on the reset it link on the login form. Please reset your password! If you are concerned that someone may have gained unauthorized access to your documents, we can work you to audit our server logs to see if anyone who wasn’t you used your password.

This completes Overview’s recovery from Heartbleed.

You may have heard that, a few days ago, a serious bug called Heartbleed was discovered in a piece of the software that powers much of the web, including Overview.

This bug could allow an attacker to intercept and decode secured connections to our server, and thereby gain access to your password and then your private documents. Due to the nature of this bug there is no way for us to know if any accounts have been compromised.

We have already upgraded our servers so they do not have this vulnerability. Unfortunately, if anyone compromised our secure connections previously they may still be able to do so. We are working with our provider to get new SSL certificates to fix this problem. We are told this will take a few days.

When this is done, we will send out a mass email asking everyone to reset their password.

We apologize for the inconvenience. It’s a breathtaking bug, and we and the rest of the web are recovering as fast as we can.




VIDEO: What the Overview Project does

Here is my talk from the wonderful Groundbreaking Journalism conference in Berlin last week, plus the panel afterwards. This is a great short introduction to what the Overview Project has done, and where we are going — we see ourselves as a pipeline from the AI research community to usable applications in the social sector.

My talk is 15 minutes, followed by a panel on “What software does journalism need?”