Library Software Upgrade Scheduled

The Upper Hudson Library System has scheduled an upgrade of our library management software for 4:00 AM on Tuesday, April 19th.  The process should be completed long before the libraries open.  However, you may experience difficulty logging in to use remote library services (catalog, library account, OverDrive, etc.) during the upgrade.  Thank you for your patience.

Android Security Gets Stagefright

A new and nasty vulnerability in the Android operating system, dubbed “Stagefright”, has recently come to light.  Initially, it was reported that this bug would allow a hacker to gain control of an Android device with only a text message.  Once in your phone, a hacker could steal or take over anything on your device and then infect everyone in your contacts.  Until device manufacturers and wireless carriers can issue a fix, Android users are advised to disable the setting to “automatically retrieve” MMS messages in their texting app and Google Hangouts.

A week later, it was reported that the infection could not only arrive via text, but could also be embedded in any number of apps or websites just lying in wait.  Because the bug is surrounded by “safe coding”, security software will not necessarily catch it.

The good news is, lots of people are working on fixing this.  In fact, Samsung and Sprint have already worked together to release a fix for the Samsung Galaxy Note 4.  Unfortunately, their fix only works on that device.  Many more fixes will need to be generated and pushed out to patch up the nearly 950 million vulnerable Android devices out there.  If you are an Android user, be on the lookout for available updates for your device.

For more information about Stagefright, Fortune.com has an excellent article and Q&A on the subject.

Has your device been infected?  Tell us about it in the comments.

 

iOS Mess

iOS 8, the latest operating system for iPhone, iPad, and iPod Touch released on September 17th, has had a less than impressive debut.  At first, it appeared to be unstable, causing crashes.  Apple hurried to release the 8.0.1 patch, and the new software seemed to cause more problems than it fixed.  Despite the fact that Apple quickly made the 8.0.1 patch unavailable, several people were stuck with updated (read: broken) iDevices.  Apple states that iOS 8.0.2 is on the way, but if you are one of the unlucky folks looking for a way to downgrade back to iOS 8, follow these simple instructions from ReadWrite.  If you feel that upgrading to iOS 8 was a mistake altogether, hurry and check out ReadWrite’s instructions for downgrading back to iOS 7, which may only work for a limited time.

Are you waiting to upgrade your Apple device?  Let us know in the comments.

 

Time to Change All of Your Passwords. Seriously.

Yesterday, news broke that a Russian crime ring known as CyberVor has stolen over a billion username/password combinations, as well as a half billion email addresses from popular sites all over the web.  While there is currently no way to confirm whether your information has been compromised, or even which websites have been hit, it would be prudent to assume that at least one of your online accounts has been jeopardized, and take action to ensure the security of all of your online accounts.

When creating new passwords for your accounts, do not reuse passwords for multiple accounts.  That way, if one of your accounts gets hacked, criminals won’t automatically have access to more of your accounts.  There are several strategies for making sure the new passwords you create are secure.  See this list for ideas.

Two-factor authentication (a.k.a. two-step verification) is another option provided by some websites that can offer an additional layer of account protection.  For example, after entering my username and password at my bank site, I am always prompted to answer at least one of my pre-defined security questions.  Another site that offers two-step verification is Gmail (more info).  For more sites that offer two-factor authentication, check out this article by Lifehacker.

A couple of additional security tips:

  • Do not set your computer/device to remember passwords.
  • Make sure your computer/device is set to lock when it “sleeps” or you walk away from it.  It may be inconvenient to keep logging in, but it will be even more inconvenient if your information gets stolen.
  • Avoid logging into sensitive sites on public Wi-Fi if at all possible.  Other users on the same network with the right software may be able to see your information as it is being transmitted.

While no online account is completely safe from hacking attempts, creating strong, unique passwords, using two-factor authentication, and only accessing accounts on secure network connections go a long way toward keeping your digital information out of the hands of criminals.

Do you have any additional security tips to share?  If so, please share them with our readers in the comments section below.

 

Internet Explorer Found to Be Vulnerable

This past Saturday, Microsoft announced that a major vulnerability was found in all supported versions of its internet browser, Internet Explorer.  Even if you know and follow the rules for surfing safely, you are still vulnerable.  Microsoft has not yet released an update or “fix-it” to address the issue.  The best (and easiest) way to protect yourself is to switch to a different internet browser, such as Mozilla Firefox, Google Chrome, or Opera. There are some software settings and downloads that can help increase the security of IE, but these may require more tech savvy than some people care to muster.

For more details about the vulnerability, along with suggestions for increasing the security of your Internet Explorer installation, check out this article at the blog “Krebs on Security.”

What You Need to Know about the Heartbleed Bug

In case you haven’t heard, a vulnerability dubbed “Heartbleed” has been discovered in the encryption protocol that many secure websites use.  If you’d like a basic explanation of Heartbleed, The New Yorker did a great job of boiling it down.  Early speculation on which sites were affected and how users can best protect themselves varied widely.  Since the IT teams of individual organizations have had time to address the issue, we now have a clearer idea how to proceed.

The first step is to find out which sites you use that may be compromised and change your passwords at those sites.  Mashable created a fantastic chart to help you with this.  Keep in mind, this is by no means a complete list.  If you log in to sites that aren’t on this list, check with each site to see if it is vulnerable and/or has addressed the problem.  For instance, Key Bank was not on Mashable’s list, but a quick visit to their website revealed that they do not use the vulnerable encryption software.

Of course, if you change your password but use that same new password at every site, you will remain vulnerable for other reasons.  If you have trouble keeping track of passwords, you may want to consider using a password manager.  For a guide to creating passwords, check out this guide from MakeUseOf.

Got questions?  Let me know in the comments and I’ll find answers.

 

OverDrive Digital Bookmobile Returns!

Last year’s digital bookmobile event was such a success that we’ve asked them to roll through again this year!  On August 19th from 10am to 4pm, the OverDrive Digital Bookmobile will be in our parking lot to educate patrons about our downloadable collections.  First, venture inside the air-conditioned bookmobile and check out their exhibits.  We’ll have staff outside the bookmobile to answer your questions and help you get started using our downloadable e-books and audiobooks.

Are you already a user of our OverDrive collections?  Stop by and let us know what you think!  Your opinions are important to us.  We can also chat about what’s next for OverDrive.  On April 20th, OverDrive is releasing a new and improved mobile app, and we’ll be happy to show you what’s new.

We look forward to seeing you there!

When Will It Go Bad?

No, I’m not getting philosophical – just being practical. I found a great site called “EatByDate” that can tell you how long food actually lasts under different conditions.  You can browse by category or search for a specific food.  Not only will you get specific advice based on how the item is packaged and stored, this site will also tell you how to identify spoiled foods and offer tips on extending shelf life.

Do you have a practical site you’d like to share?  Let me know in the comments.

Trouble Contacting Us?

If you tried to use our library’s contact form on February 15th or 16th, you may have had some trouble.  Yesterday, I received an email from JotForm, the service we used to create and host our form.  The email stated that the JotForm.com domain had been suspended by GoDaddy, and proceeded to give instructions on how to get the form up and working again easily.  I must say I was very impressed by the speed at which JotForm users were contacted with a solution to this issue.  In fact, no one had even complained about the form on our site being broken yet!  I am thankful we weren’t one of the users who had upwards of 50 forms to fix, though.

Because the email was vague, my curiosity got the better of me, and I did a bit of research.  As it turns out, GoDaddy was responding to a government order, and JotForm was under investigation by the Secret Service.  Despite my initial panic (what had I gotten the library into?!?), I read on to learn that one of JotForm’s millions of users *might* be using JotForm for a phishing scam.  JotForm was eager to work with the government to resolve the issue, but was put off because “a few days” were needed to review the case.  Meanwhile, those millions of users are stuck finding staff/personal time to fix all of those forms.  My question is, why couldn’t the case have been looked at *before* shutting down an entire domain with no warning, inconveniencing all those people and companies?  I can appreciate the interest in protecting the public from a phishing scam, but the reaction seems a bit like clear-cutting a forest to take care of a single diseased tree.  It also feels a bit like SOPA/PIPA to me.  Is anyone else nervous?

For more on the JotForm story, see this c|net article.