Tag Archives: library

Looking for an Ebook You Once Saw Here?

Has an ebook you’ve previously used disappeared from our catalog? Never fear! We’ve had to make some cutbacks at the end of the fiscal year (lots and lots of requests for new material this year), but if you need to regain access to something that no longer appears, we may be able to get you back in. Just email us the title at researchdesk@middlebury.edu, and if it’s still available to us, we’ll get you back up and running with it.

@MiddInfoSec: Don’t Get Hooked

You may not realize it, but you are a phishing target at school, at work, and at home. Phishing attacks are a type of computer attack that use malicious emails to trick targets into giving up sensitive information. Ultimately, you are the most effective way to detect and stop phishing scams. When viewing email messages, texts, or social media posts, use the following techniques to prevent your passwords, personal data, or private information from being stolen by a phishing attack.

    • Verify the source. Check the sender’s email address to make sure it’s legitimate. Remember that the name of the sender is not the important part. The sender’s email address is what you are really looking for. If in doubt, forward your message to phishing@middlebury.edu.
    • Read the entire message carefully. Phishing messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests, or gimmicks that do not match the normal tone of the sender.
    • Avoid clicking on erroneous links. Even if you know the sender, be cautious of links and attachments in messages. Don’t click on links that could direct you to a bad website. Hovering your mouse over a link should disclose the actual web address that the link is directing you too, which may be different from what is displayed in the message. Make sure this masked address is a site you want to visit.
    • Verify the intent of all attachments with the sender before opening them. Even when you know a sender, you should never open an attachment unless have checked with the sender to verify the attachment was sent intentionally. Word and Excel documents can contain malicious macros which could harm your computer. Other files, such as zip files and PDF files, could download malware onto your system. Always verify the intent of attachments with the sender before you open them from an email.
  • Verifying a message is always better than responding to a phish. If you ever receive a message that provides reason to pause, it is always better to forward the message to phishing@middlebury.edu or to send a separate email to the sender to verify its intent, before clicking a link or opening an attachment that could potentially impact the security of your computer..
  • Change your passwords if you have fallen for a phish. If you think you have fallen for a phishing attack, change your password at go/password and then contact the helpdesk at x2200. It is also a good practice to change your personal passwords outside of the College.


Watch for phishing scams. Common phishing scams are published at sites such as http://IC3.gov , http://phishing.org ,https://www.irs.gov/uac/Report-Phishing. These resources will also allow you to report phishing attacks if you should fall victim outside of the College. Again, if you think you have fallen victim to a phishing attack, always start by changing your passwords.

What’s an Approval Profile, and Why Does the Library Want to Change Ours?

A brown-bag lunch will be held on May 3 at 12:30 pm, in the Crest Room of the McCullough Student Center, to explore the subject of the library’s approval profile. Douglas Black, the library’s Head of Collections Management, will be presenting, with some sweets and coffee to augment your own lunch. He’ll give some history of the approval program in library acquisitions over the years and lead discussion on its role in the academic library collection of the 21st century.

For context, the library selects, acquires, and provides access to materials in many different ways:

  • upon request by students, faculty, and staff
  • automatic purchase of e-books and streaming media based on usage
  • subscriptions
  • package deals on journal subscriptions and purchased journal archives (“backfiles”)
  • one-time purchases of electronic databases, which often require annual maintenance fees
  • gifts/donations
  • and through automatic purchase via an “approval profile.”

Under the approval model, the library utilizes a library vendor (in our case, YBP Library Services) to purchase automatically books that meet certain criteria (e.g., subject, hardbound only, no workbooks, scholarly publishers only, within a certain price range, etc.).  Middlebury typically purchases about 3,000 volumes/year this way, at an average annual cost of $97,000 in the last few years. We recently conducted a thorough analysis of the program’s effectiveness, finding that print books purchased through the approval profile are used much less than those specifically requested. The library believes some of that money could be spent more effectively and would like to gather input from members of the campus community on reshaping the profile.

Please feel welcome to contact your liaison or Douglas Black (dblack@middlebury.edu or x3635) with any questions (whether or not you can attend the meeting), or comment here in the blog.

@MiddInfoSec: Phishing Alert – – “Update Announcements”

A phishing email message was sent to @middlebury.edu mailboxes today with a subject line of “Update Announcements”.  DO NOT RESPOND ON THIS MESSAGE!

The phishing email message is an attack designed to trick people into disclosing their username and password.  Do NOT follow the instructions in the message, as it could lead to your Middlebury account being compromised.

If you were tricked by the email and responded,  reset your network password immediately at go/password and then call the Helpdesk at x2200 for further assistance with your account and any possible concerns with your computer.

Here’s a sample of the phishing email message:

Dear middlebury.edu User.

Urgent Update Announcements.

Your middlebury.edu Account has been Sign in with a strange IP Address: And this indicate your mail account is been used for FRAUDULENT ACT, For these reasons, Our records indicate you are no longer our current/active user. Therefore, your account has been scheduled for deletion on this Month of APRIL, 2016. As part of this process, your account, files, email address messages etc, will be deleted from our Data Base.

To Retail Your Account.

You are required to reply with your valid ONLINE ACCESS for reactivation, to ensure Your account remains active and subscribed, Otherwise this account will be De-activated within the next 72 hours hence from now.

Name In Full:

User Name:

Pass Word:


Thank You.


Come Secure your Mobile Device

Learn about Mobile Security

Plan ahead for an afternoon RoadShow with Information Security March 30th @ 2:00 in Lib145.

This is an opportunity for you to ask questions and converse on topics such as:

  • How do I add a pin to my mobile device
  • Is my device encrypted
  • How do I track my device if lost
  • How do I remote wipe my device
  • How do I ensure my data is backed up

Image 001

Get help securing your mobile device.

Join Information Security in Lib145 @ 2:00PM on March 30th.

Follow Information Security on Twitter @MiddInfoSec.

Has an ebook gone missing?

Noticed that an ebook you’ve previously seen no longer appears available? There are several possible reasons, but the most likely one right now is that it was removed from our collection because of its cost. The Library has many sources for ebooks, and the largest one is a company called Ebook Library (EBL). We have some 200,000 EBL records in our catalog, of which we own only .6%. The rest are there for access as needed, and we don’t pay for them until they’re actually used. This is a recently developed program called Demand-Driven Acquisitions (DDA). A vastly oversimplified description is that for the first four uses, the library pays a percentage of the full purchase price, and the fifth use triggers an automatic purchase. DDA lets us offer a tremendous range of ebooks at a small fraction of the full purchase price. Over the last four years, we’ve paid less than $500,000 for access to more than $8 million worth of books.

However, in the last two years, many publishers have decided they weren’t making enough money, so they dramatically hiked their fees for those first four uses, which has sent our library’s costs skyrocketing. We’ve shifted some funds from print purchasing to cover the additional ebook costs, but the only way to moderate expenditures for the longer term is to remove the most expensive titles, along with titles from the most expensive publishers.

What to do? If you’re not finding something you’d previously seen, or if you come across a catalog link that doesn’t work (removing the catalog records tends to lag behind the actual ebook access), email us right away, and we might be able to get it back. If we can’t, we’ll work on finding another way to lay hands on the material for you.

@MiddInfoSec: MacKeeper AdWare – Do Not Install

Several members of our community have recently reported being prompted to install MacKeeper on their Apple computers running Mac OS X. MacKeeper is malicious software of the adware variety. While MacKeeper offers legitimate services for a fee, it also opens security holes in your system that can introduce other forms of malware and adware which cause problems for your web browser and OS X operating system, such as performance or integrity issues. Do Not install MacKeeper!

MacKeeper is offered by the company Kromtech (formerly ZeoBIT) and has been identified in issues such as fraudulent installs masquerading as other anti-virus applications such as ClamXav. MacKeeper is also known for predacious distribution practices employing other adware to market and distribute their product through pop-up ads. It has also been used to distribute other malware exploits such as OS X/Agent-ANTU as reported by researchers at BAE and Sophos.

If you suspect that you may have installed MacKeeper please contact the Help Desk at x2200 for help removing this software.