Tag Archives: LIS Staff Interest

@MiddInfoSec: MacKeeper AdWare – Do Not Install

Several members of our community have recently reported being prompted to install MacKeeper on their Apple computers running Mac OS X. MacKeeper is malicious software of the adware variety. While MacKeeper offers legitimate services for a fee, it also opens security holes in your system that can introduce other forms of malware and adware which cause problems for your web browser and OS X operating system, such as performance or integrity issues. Do Not install MacKeeper!

MacKeeper is offered by the company Kromtech (formerly ZeoBIT) and has been identified in issues such as fraudulent installs masquerading as other anti-virus applications such as ClamXav. MacKeeper is also known for predacious distribution practices employing other adware to market and distribute their product through pop-up ads. It has also been used to distribute other malware exploits such as OS X/Agent-ANTU as reported by researchers at BAE and Sophos.

If you suspect that you may have installed MacKeeper please contact the Help Desk at x2200 for help removing this software.

@MiddInfoSec: Securing Mobile Devices

Information Security has a new Twitter feed and other new content on their website. Follow us at @MiddInfosec on Twitter or visit our website at http://go.middlebury.edu/infosec

Mobile devices have become one of the primary ways that we communicate and interact with each other. Powerful computers now fit in our pockets and on our wrists, allowing us to bank, shop, view our medical history, work remotely, and communicate from virtually anywhere. With all this convenience comes added risk, so here are some tips to help secure your devices and protect your personal information.

    • Password-protect your devices. Protect the data on your mobile device and enable encryption by enabling passwords, PINs, fingerprint scans, or other forms of authentication. On most current mobile operating systems you have the option to encrypt your data when you have a password turned on. Turn it on!
    • Secure those devices and backup data. Make sure that you can remotely lock and/or wipe each mobile device. That also means you should back up your data on each device in case you need to use the remote wipe function. Services such as iCloud, OneDrive, and Google offer device location, wipe and backup services.
    • Verify app permissions. Don’t forget to review which privacy-related permissions each application is requesting, before installing it. Be cautious of fake applications masquerading as legitimate programs by verifying that the application is from a reputable source, such as the Apple Apps Store, Microsoft’s Store, or Google’s Play Store. Occasionally,  applications in the official stores can include malware. Read reviews and descriptions carefully. Only install applications that you need. Remove applications that you are no longer using.
    • Update operating systems. Security fixes or patches for mobile devices’ operating systems are often included in these updates. Just like patching a computer, iOS, Android, and Windows Mobile all need to be patched and kept current.
    • Be cautious of public Wi-Fi hotspots. When using your mobile device, watch for connections to public hotspots. Many mobile devices will automatically connect to hotspots and prioritize data transmission over Wi-Fi by default. Verify that your settings require manually selecting hotspots if possible. Working with sensitive data while connected to a public hotspot could lead to unintended data exposure. Always ensure that you are using a secure connection.
    • Always apply safe computing practices. Whether traveling with a mobile device, a laptop, or sitting in a hotel business center, you always want to use safe computing practices to protect your data. See this link for more tips: http://www.middlebury.edu/offices/technology/infosec/education/training/SafeComputing.


@MiddInfoSec: A New Phishing Attack is Targeting Email ID’s

A new phishing attack is hitting the campus with a subject line of, “Your email id”. Delete this message if you see it. Do NOT click any links in this message. If you believe you have fallen for this fishing attack:

This malicious email would have looked similar to the message below.


Subject: Your email id

Your?mail Id has used 91% of its allowable storage space.?Once your account exceeds the allowable storage space you will be unable to receive any email.?Click?Resolve?to login to your account and resolve this issue.




For additional information on phishing please visit http://go.middlebury.edu/phish .


WRMC’s Stacks & Tracks is back! With guest DJ, Prof. Christopher Star

We’re back. On the air, and live streaming, at a new time.

Wednesdays, 12p-1p

Tune-in during your lunch hour to the radio show that reveals the secrets of special collections.

This week we’ll be joined by guest DJ, Classics Professor Christopher Star for Episode #12, featuring music and talk inspired by the thought, art, and life of ancient Greece and Rome.

Mozart to Jimi Hendrix, Johnny Cash to The Doors. Be there. And be enlightened. With a soundtrack.

91.1FM | iTunes radio | listen online | on your phone

Stacks and Tracks

WRMC Studio, 1970. From the Middlebury College Archives.

Weekly Web Updates – March 7, 2016

You No Longer Need to Wait Five Minutes to See Your Drupal Changes (Most of the Time)

When you save content, save page settings, or create new content, that change will now immediately appear for everyone browsing the site, whether they are logged in or not. We use a caching service named Varnish that takes the rendered output from Drupal and keeps it in memory for five minutes. Everyone who is not logged in visiting the site (if you’re logged in you will always get an un-cached copy) will get the copy of the page from Varnish within that five minute window, meaning Drupal doesn’t need to use resources recreating the page for each visitor. After five minutes, the next person to request that page will get it from Drupal and Varnish will update its cache with the new copy.

Now, when you update or create new content on many of our Drupal sites, Varnish will be notified in the background that it should clear its cache and get the new copy of the page. So even if it’s only been a minute since the page was requested when you click the save button, the next visitor will get a fresh copy of the page from Drupal with your latest changes.

Unfortunately, this does not work for content displayed in page regions other than the main content area. If you update a sidebar item on a department homepage, the cache will only clear for that homepage, not all of the sub-pages on which the sidebar item might also appear. You’ll still need to wait the five minutes for that to happen.

We have only made this change to the Drupal sites where we run Monster Menus. Right now, that includes:

  • www.middlebury.edu
  • www.miis.edu
  • forms.middlebury.edu
  • forms.miis.edu
  • courses.middlebury.edu
  • courses.miis.edu
  • museum.middlebury.edu
  • www.davisfellowsforpeace.org
  • www.davisprojectsforpeace.org
  • www.davisuwcscholars.org

We will roll out a similar change to our other Drupal sites soon.


Fixes & Tweaks

  • We’ve corrected several JavaScript errors that were preventing the footer from appearing correctly on the L&ITS Wiki.
  • The Audio Player plugin for MediaWiki now works as intended.
  • Drupal webform radio and checkbox lists that are marked as required will now correctly show the red asterisk next to their field label when the field allows “Other…” as an option. It was missing, previously.
  • The Site Editor Log In link on the Middlebury Drupal site now appears in bright green on blue backgrounds, making it visible.
  • We have removed the WordPress Simple Footnotes Editor Button plugin, which no longer works.
  • We have removed the Pinterest link from the MIIS site footer.
  • The Varnish 503 Error page has been re-themed to provide better messaging during an error or widespread downtime.

Weekly Web Updates – February 29, 2016


Fixes & Tweaks

  • The MIIS Course Hub now has a print stylesheet so that the course photo rosters can be printed off without cutting people’s faces in half on page breaks.
  • Vimeo embeds in our Drupal sites now have the “allowfullscreen” attribute, so people can watch them in full screen mode, if they wish.
  • Shows that overflow into the next day on the WRMC schedule will now just appear on the day in which they begin.
  • Our CategorySuggest plugin for MediaWiki now has a Spanish translation and can allow categories beginning with lowercase letters, if those are configured for the MediaWiki site.
  • Recycle Bins will no longer appear in the drop down navigation on the MIIS site.
  • Fixed an issue that was preventing the sidebar navigation from working on some MIIS sub-sites like MonTREP.
  • The MIDD and MIIS Course Hub’s now use Drupal’s Batch API to handle course builds, which helps prevent page timeouts and keeps the build interface consistent.

Work Study – a poem

Thanks to poet Gary Margolis for sharing this library-related poem.

Work Study

Memory requests a title from the closed
stacks. An exchange student is sent
into the basement to retrieve an available book.
Downstairs he remembers he saw a couple

of co-eds making love in their end-of-semester
carrel. They didn’t look up. Never asked
if he wrote his mother in Ethiopia. They just
kept going at it. A phrase he learned

in his ESL class. Perhaps one day he’d recall
in his home-at-last house. Retrieve a fact
he learned for a test. Memories aren’t stored
like books. What we feel and smell and see,

what we touch, chapters it wouldn’t be wrong
to say, kept separately in the brain’s foreign
places. Experienced pieces of love and near-love.
We can retrieve if we remember to ask. Even

when they’re found where they’re supposed to be.
Next to another story, a text, an oversized
compendium of maps. And carried, close to the chest,
floor by floor, up to the circulation desk.

-Gary Margolis