[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Proxy Servers & Hacker for a Day: LJ Academic News Wire
- To: liblicense-l@lists.yale.edu
- Subject: Proxy Servers & Hacker for a Day: LJ Academic News Wire
- From: Ann Okerson <ann.okerson@yale.edu>
- Date: Mon, 16 Dec 2002 19:48:34 -0500 (EST)
- Reply-To: liblicense-l@lists.yale.edu
- Sender: owner-liblicense-l@lists.yale.edu
Of great interest... forwarded with permission of LJ. -----Original Message----- From: chlj@espcomp.com [mailto:chlj@espcomp.com] Sent: Friday, December 13, 2002 12:59 PM To: AALBANESE@REEDBUSINESS.COM Subject: Library Journal Academic News Wire: December 12, 2002 Library Journal Academic Newswire (TM) The Book Report for December 12, 2002 In This Issue I. NEWS --JSTOR says open proxy servers threaten security of campus networks --Open proxy helps librarian turn hacker for day --Wait 'til next year: In California things to get worse before they get better --Science.gov gateway connects public to govt. sci/tech info --For Rosetta, Random e-book legal battle over, but now what? II. Marketplace news --Palgrave invites librarians to learn more about SYBworld at ALA --Serials Solutions announces two new linking services --JEP announces its new publishing partnership with Columbia University Press [SNIP] ******************TODAY'S NEWS****************** [SNIP] ---------------------------------------- OPEN PROXY HELPS LIBRARIAN TURN HACKER FOR DAY When Melissa Belvadi, systems and services librarian at Maryville University Library (St. Louis), first heard that JSTOR had been attacked using open proxies, she was curious. Just how was this possible? So she sat down at her computer, went to Google, and within minutes found a site that listed for free hundreds of open proxies. Minutes later, she was accessing full-text articles from libraries at The University of California, Berkeley, and Carnegie- Mellon University. "I wasn't even checking JSTOR, I was going into databases we didn't have and almost immediately I was into their full-text," she told the LJ Academic Newswire. It was then that the threat posed by open proxies became real to her. "We had to drag a lot of publishers kicking and screaming into these databases," said Belvadi. "These kinds of open proxy servers are a threat because if publishers get upset they can start pulling their content." Belvadi says she wrote a cordial note to librarians at the institutions she was able to access informing them that she was not a hacker, but that their systems were vulnerable. Belvadi says she was shocked at how easy it was to get into a campus's system. "You just need to find a dot-edu domain," she noted. "It could be a student, the campus bookstore, an administrative office." She notes that on a large campus where there can be more than 25,000 computers, the vulnerability--thanks to sites like antiproxy.com, which lists open proxies for free--can be extensive. While she was surprised how quickly she was able to get into databases, "I was most surprised how easy it was to find these lists." Belvadi said she now understands exactly what prompted JSTOR President Kevin Guthrie's warning about the threat of open proxy servers. "JSTOR found someone exploiting them that was not some little grad student," she said. "It's not a big deal if someone is just using your service for an hour or two. But someone could download the entire contents of JSTOR and set up a mirror site." Such concerns could hurt the progress of electronic resources if publishers begin to get cold feet about such a scenario. Belvadi says that simply monitoring network use could be a simple and effective way to make sure such abuse does not happen. [SNIP] *********************************************** To subscribe to the LJ Academic Newswire, fill out the form at http://www.libraryjournal.com/newswire/subscribe.asp Contributing Editor: Andrew R. Albanese (aalbanese@reedbusiness.com) 646-746-6852 Editor: Francine Fialkoff (fialkoff@reedbusiness.com) 646- 746-6807 Copyright (c) 2002 Library Journal. All rights reserved. Redistribution allowed only via E-mail delivery or print- out/photocopy distribution within 60 days of original transmission and only to individuals affiliated with the institution which received the original E-mail from Library Journal. "Library Journal" is a registered trademark. "Library Journal Academic Newswire" is a trademark.
- Prev by Date: RE: Security Issues (was JSTOR) Pt. 2.
- Next by Date: NYTimes.com Article: Moore Foundation funds new journals
- Prev by thread: RE: NYTimes.com Article: Moore Foundation funds new journals
- Next by thread: Creative Commons
- Index(es):