Category Archives: Library

@MiddInfoSec: Don’t Get Hooked

You may not realize it, but you are a phishing target at school, at work, and at home. Phishing attacks are a type of computer attack that use malicious emails to trick targets into giving up sensitive information. Ultimately, you are the most effective way to detect and stop phishing scams. When viewing email messages, texts, or social media posts, use the following techniques to prevent your passwords, personal data, or private information from being stolen by a phishing attack.

  • Verify the source. Check the sender’s email address to make sure it’s legitimate. Remember that the name of the sender is not the important part. The sender’s email address is what you are really looking for. If in doubt, forward your message to phishing@middlebury.edu.
  • Read the entire message carefully. Phishing messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests, or gimmicks that do not match the normal tone of the sender.
  • Avoid clicking on erroneous links. Even if you know the sender, be cautious of links and attachments in messages. Don’t click on links that could direct you to a bad website. Hovering your mouse over a link should disclose the actual web address that the link is directing you to, which may be different from what is displayed in the message. Make sure this masked address is a site you want to visit.
  • Verify the intent of all attachments with the sender before opening them. Even when you know a sender, you should never open an attachment unless you have checked with the sender to verify the attachment was sent intentionally. Word and Excel documents can contain malicious macros which could harm your computer. Other files, such as zip files and PDF files, could download malware onto your system. Always verify the intent of attachments with the sender before you open them from an email.
  • Verifying a message is always better than responding to a phish. If you ever receive a message that gives you reason to pause, it is always better to forward the message to phishing@middlebury.edu or to send a separate email to the sender to verify its intent before clicking a link or opening an attachment that could potentially impact the security of your computer.
  • Change your passwords if you have fallen for a phish. If you think you have fallen for a phishing attack, change your password at go/password and then contact the helpdesk at x2200. It is also a good practice to change your personal passwords outside of the College.

 

Watch for phishing scams. Common phishing scams are published at sites such as http://IC3.gov, http://phishing.org, and https://www.irs.gov/uac/Report-Phishing. These resources will also allow you to report phishing attacks if you should fall victim outside of the College. Again, if you think you have fallen victim to a phishing attack, always start by changing your passwords.

What’s an Approval Profile, and Why Does the Library Want to Change Ours?

A brown-bag lunch will be held on May 3 at 12:30 pm, in the Crest Room of the McCullough Student Center, to explore the subject of the library’s approval profile. Douglas Black, the library’s Head of Collections Management, will be presenting, with some sweets and coffee to augment your own lunch. He’ll give some history of the approval program in library acquisitions over the years and lead discussion on its role in the academic library collection of the 21st century.

For context, the library selects, acquires, and provides access to materials in many different ways:

  • upon request by students, faculty, and staff
  • automatic purchase of e-books and streaming media based on usage
  • subscriptions
  • package deals on journal subscriptions and purchased journal archives (“backfiles”)
  • one-time purchases of electronic databases, which often require annual maintenance fees
  • gifts/donations
  • and through automatic purchase via an “approval profile.”

Under the approval model, the library uses a library vendor (in our case, YBP Library Services) to automatically purchase books that meet certain criteria (e.g., subject, hardbound only, no workbooks, scholarly publishers only, within a certain price range, etc.). Middlebury typically purchases about 3,000 volumes/year this way, at an average annual cost of $97,000 in the last few years. We recently conducted a thorough analysis of the program’s effectiveness, finding that print books purchased through the approval profile are used much less than those specifically requested. The library believes some of that money could be spent more effectively and would like to gather input from members of the campus community on reshaping the profile.

Please feel welcome to contact your liaison or Douglas Black (dblack@middlebury.edu or x3635) with any questions (whether or not you can attend the meeting), or comment here in the blog.

Middlebury’s Google Apps for Education – Account status

As we continue to integrate Middlebury services with cloud providers like Google Apps and Microsoft Office 365, we are aware of possible account conflicts that may arise. In particular, on Monday, April 25th, we will begin automatically syncing Middlebury Google Apps accounts for all students, faculty and staff with @middlebury.edu or @miis.edu addresses. This may result in conflicts for those of you who have been using stand-alone Google services with an account that you set up with your Middlebury address but that was not provisioned by ITS in our Middlebury Google Apps instance.

What if I have registered my @middlebury.edu address for stand-alone Google services?

If you have been using stand-alone (i.e. not Middlebury Google Apps) Google services with your @middlebury.edu address, you have what Google considers to be a “conflicting account”.

How can I tell if the account I’m using now is a personal or institutional account? 

Try logging out and logging in again. If you enter your Google account password at Google’s login page, that’s a personal stand-alone account and the above considerations apply. If instead you enter your Middlebury e-mail and password at our new login page, that’s an institutional account and you’re all set. You can also watch this video.

Do I need to do anything now?

Yes. Watch the video above and follow the steps to determine if you have a conflicting Google account. If so, it will be much easier to download your documents prior to the sync. This provides you with an archival copy of all documents for which you are the owner.   After the sync, you will be able to place desired documents into your Middlebury Google Apps account.

To download the documents you own:

  1. Log in to the Google account that uses your Middlebury email address.
  2. In the upper right corner, click on the icon for your account and click on the “My Account” button.
  3. In the “Personal info & privacy” column, click on “Control your content”.
  4. In the Download your data section click on “CREATE ARCHIVE”.
  5. Under the “Select data to include” section, click the “Select none” button to clear all of the selections.
  6. Click the check box for “Drive” and click “Next” at the bottom of the page.
  7. In the window that appears, leave all options as they appear and click the “Create archive” button. You will see a progress window. When the archive is complete, you will receive an email from Google at your Middlebury email address that indicates the completion of the archive process.
  8. In the email, click on the “Download archive” button.
  9. You will be taken to a Google login screen. Log in.
  10. You will see the archive. Click on the “Download” button.
  11. Look in your downloaded files location. You will find a folder named “Takeout” which will contain your files.

After the accounts are synced, any Middlebury-related documents (Docs, Sheets, Slides, or files in Google Drive) that you created with your personal account need to be uploaded to your new Middlebury Google Apps account.

The download process removes all sharing and converts the Google documents to Microsoft format: Docs to Word, Sheets to Excel, and Slides to PowerPoint. If you wish to share these as collaborative documents again, you must first upload (drag and drop) the files to your new Google Drive, then click on them and open them in the Google version of the application. You will then be able to share the document with others.

What if I wait until after the sync occurs?

You will still be able to download your files, though it is a more cumbersome process. ITS can provide assistance if you have not done this prior to the sync.

Can I still access Google’s services for my personal use?

You can choose to maintain a separate account for your personal use of any Google services under a non-middlebury.edu address. If you have multiple Google accounts, the username that appears at the upper right corner of most Google services will help you ensure that you’re using the intended account.

What if I have questions about this?

Please email any questions about this change to helpdesk@middlebury.edu, or create a helpdesk ticket.


Defining and avoiding conflicting accounts:
https://support.google.com/a/answer/185186

Help with your conflicting account:
https://support.google.com/accounts/troubleshooter/1699308?rd=2

Moving your personal data between accounts:
https://support.google.com/accounts/answer/1109839?hl=en&ref_topic=30035


 

Digital Surrealism as Research Strategy April 5th

Please join us Tuesday, April 5th at 12:15 PM in the CTLR Lounge for a lunchtime discussion with Kevin Ferguson on some playful and interdisciplinary approaches to digital scholarship that use technologies developed in other fields (like the medical imaging software ImageJ) to answer humanistic questions. Lunch will be served, so please RSVP here. He also has some free time during the day on Wednesday, so if you’d like to learn more about ImageJ or chat with him, email Alicia Peaker with your availability.

Most digital humanities approaches pursue traditional forms of scholarship by extracting a single variable from cultural texts that is already legible to scholars. Instead, this talk advocates a mostly-ignored “digital-surrealism” that uses computer-based methods to transform film texts in radical ways not previously possible. The return to a surrealist and avant-garde tradition requires a unique kind of research, which is newly possible now that humanists have made the digital turn. I take a surrealist view of the hidden in order to imagine what aspects of media texts are literally impossible to see without special computer-assisted techniques. What in the archive is in plain sight but still invisible? What in the cinema is so buried that our naked eyes are unable to see it? Here I present one such method, using the z-projection function of the scientific image analysis software ImageJ, to sum film frames in order to create new composite images. I examine four corpora of what would normally be considered rather different types of film: (1) the animated features produced by Walt Disney Animation Studios, (2) a representative selection of the western genre (including American and Italian “spaghetti” westerns), (3) a group of gialli (stylish horror films originating from Italy that influenced American slasher films), and (4) the series of popular Japanese Zatoichi films, following the adventures of the titular blind masseuse and swordsman living in 1830s Japan.

Kevin Ferguson is an Assistant Professor of English and Director of Writing at Queens College (CUNY). He teaches undergraduate and graduate courses on college writing, contemporary literature, and film adaptation.

@MiddInfoSec: Phishing Alert – “Update Announcements”

A phishing email message was sent to @middlebury.edu mailboxes today with a subject line of “Update Announcements”. DO NOT RESPOND TO THIS MESSAGE!

The phishing email message is an attack designed to trick people into disclosing their username and password.  Do NOT follow the instructions in the message, as it could lead to your Middlebury account being compromised.

If you were tricked by the email and responded,  reset your network password immediately at go/password and then call the Helpdesk at x2200 for further assistance with your account and any possible concerns with your computer.

Here’s a sample of the phishing email message:


Dear middlebury.edu User.

Urgent Update Announcements.

Your middlebury.edu Account has been Sign in with a strange IP Address: And this indicate your mail account is been used for FRAUDULENT ACT, For these reasons, Our records indicate you are no longer our current/active user. Therefore, your account has been scheduled for deletion on this Month of APRIL, 2016. As part of this process, your account, files, email address messages etc, will be deleted from our Data Base.

To Retail Your Account.

You are required to reply with your valid ONLINE ACCESS for reactivation, to ensure Your account remains active and subscribed, Otherwise this account will be De-activated within the next 72 hours hence from now.

Name In Full:

User Name:

Pass Word:

@middlebury.edu

Thank You.



 

Come Secure your Mobile Device

Learn about Mobile Security

Plan ahead for an afternoon RoadShow and Workshop with Middlebury ITS staff on March 30th from 2:00pm to 4:00pm in Davis Family Library 145.

This is an opportunity for you to ask questions and get hands-on help securing your mobile device(s):

  • How do I add a PIN to my mobile device?
  • Is my device encrypted?
  • How do I track my device if lost?
  • How do I remote wipe my device?
  • How do I ensure my data is backed up?


ITS Staff will be present to help you secure your mobile device, so bring your iOS, Android, and/or Windows Mobile device(s)!

Follow Information Security on Twitter @MiddInfoSec.

Has an ebook gone missing?

Noticed that an ebook you’ve previously seen no longer appears available? There are several possible reasons, but the most likely one right now is that it was removed from our collection because of its cost. The library has many sources for ebooks, and the largest one is a company called Ebook Library (EBL). We have some 200,000 EBL records in our catalog, of which we own only .6%. The rest are there for access as needed, and we don’t pay for them until they’re actually used. This is a recently developed program called Demand-Driven Acquisitions (DDA). A vastly oversimplified description is that for the first four uses, the library pays a percentage of the full purchase price, and the fifth use triggers an automatic purchase. DDA lets us offer a tremendous range of ebooks at a small fraction of the full purchase price. Over the last four years, we’ve paid less than $500,000 for access to more than $8 million worth of books.

However, in the last two years, many publishers have decided they weren’t making enough money, so they dramatically hiked their fees for those first four uses, which has sent our library’s costs skyrocketing. We’ve shifted some funds from print purchasing to cover the additional ebook costs, but the only way to moderate expenditures for the longer term is to remove the most expensive titles, along with titles from the most expensive publishers.

What to do? If you’re not finding something you’d previously seen, or if you come across a catalog link that doesn’t work (removing the catalog records tends to lag behind the actual ebook access), email us right away, and we might be able to get it back. If we can’t, we’ll work on finding another way to lay hands on the material for you.

Beware of Fake Order/Fake Invoice Emails with Malicious Attachments

Attackers commonly use the macro functionality found in Microsoft Word and Excel to attack their victims. They attach malicious documents to an email. When opened, the files can lead to a virus infection on your computer.  If you ever get a message with any of these attachments, particularly if you were not expecting it, do NOT open the attachment.

We have received reports for faked order confirmation and fake invoice emails this week that have been well crafted. The faked emails included malicious Microsoft Word documents bearing malware. A couple of examples are included below.

ALWAYS verify unexpected emails with the sender, particularly if they include attachments.

NEVER open attachments that you are not expecting without first verifying they are legitimate with the sender.

If you do open an attachment or file that you suspect is malicious, unplug your network cable and contact the helpdesk at x2200 immediately.

[Images: fake invoice email; fake order summary email]