Weekly: Elections, Security & Crowdmap Maintenance

Ushahidi
May 2, 2012

We have few major updates this week including a security patch, our community developer call recording and an upcoming research workshop. Here are some highlights from the Ushahidi weekly:

Citizen Lab Cyber Security Research and Policy Workshop

Citizen Lab, Canada Centre for Global Security Studies and the Open Net Initiative are hosting a Cyber Security Research and Policy Workshop: Issues for Latin America (Panama). I'll will be sharing some Lessons Learned from Emergency Response and Election Monitoring. Miradorelectoral Guatemala miradorelectoralguatemala.org (note: this website auto-plays radio) I've collected a summary of blog posts and research from deployers. If you have any comments or feedback for the researcher, feel free to share. I will add your comments into my presentation with credit.

Crowdmap Maintenance: Thursday, May 3rd, 2012 (GMT)

We will be performing Crowdmap maintenance beginning on Thursday, May 3rd at 2:00am - 8:00am GMT (other timezones). We do expect downtime during this period so please plan accordingly. We will be moving our databases to new servers for better resiliency to prevent downtime and failure moving forward. This is one of the steps we are taking related to unexpected downtime from our hosting provider mentioned here and here on the Ushahidi Blog. Crowdmap

Security Patch

On April 27, 2012, Dennison Williams reported a security vulnerability with the Ushahidi web application. The vulnerability allows unauthorized users to gain admin access to Ushahidi deployments through a fake authentication cookie. Session data was stored in a cookie, and while encrypted, the encryption key is never changed. This leads to any Ushahidi session cookie being valid and usable on any other Ushahidi installation. More details. Please update your deployments. (Crowdmaps have been updated.) Thank you Dennison for your leadership.

Community Developer Call

The Ushahidi Community Developer call was on April 30th/May 1st. Attendees (16) provided overviews of OpenGeo SMS, Offline/Online Applications and OccupyMap. Dale and Henry answered mobile development questions. Then, we did a deep dive on security issues and how to improve our workflow and software. Great feedback and participation: Monthly Developer Community call (audio recording is about 1 hour and 12 minutes). Slayer wrote a great summary.

Read the Ushahidi weekly

More in the Ushahidi weekly report for April 24- May 1, 2012. We post all our Ushahidi weekly reports on the wiki and community site. It is open for anyone to talk about their deployments, presentations and ideas (if related to Ushahidi community).