RE: Password bootleggers

["Diane Fagen" <DFagen@avma.org>]

We encountered this while verifying administrator e-mail 
addresses when assisting universities in registering for IP 
access to our journals.

Entering the university-supplied serials administrator's e-mail 
address will often expose one or more sites that are publishing 
the login and passwords.  This method is not foolproof, but 
simply a quick check for the more obvious postings.

We have alerted seven universities to such sites within the past 
week.

Diane A Fagen, Librarian / Copyright & Permissions
American Veterinary Medical Association
1931 N Meacham Rd
Schaumburg IL 60173-4360
Telephone: 847-925-8070 ext 6770
FAX:          847-925-9329
e-mail:       dfagen@avma.org

-----Original Message-----
From: owner-liblicense-l@lists.yale.edu
On Behalf Of James J.O'Donnell
Sent: Thursday, May 21, 2009 7:46 PM
To: liblicense-l@lists.yale.edu
Subject: Password bootleggers

Two websites have surfaced in recent days, 
http://www.journalpassword.com and http://www.passfans.com, that 
present login and password combinations that are good for a 
variety of University libraries around the world.  The point is 
that with such login (often the login to the proxy server), a 
reader can then navigate to whatever proprietary and subscription 
databases, e-journals, and the like the given University has to 
offer.  I am aware of institutions working to make sure that any 
of their own information posted on these sites is invalidated 
immediately, but obviously libraries and publishers will both be 
concerned.  Just at the moment journalpassword.com seems 
disabled, but passfans.com is up and running, though it seems to 
hide the login/password information behind a thin screen of 
requiring visitors to register.

Jim O'Donnell
Georgetown U.