Library Software Upgrade Scheduled

upgrade

The Upper Hudson Library System has scheduled an upgrade of our library management software for 4:00 AM on Tuesday, April 19th.  The process should be completed long before the libraries open.  However, you may experience difficulty logging in to use remote library services (catalog, library account, OverDrive, etc.) during the upgrade.  Thank you for your patience.

Android Security Gets Stagefright

androidA new and nasty vulnerability in the Android operating system, dubbed “Stagefright”, has recently come to light.  Initially, it was reported that this bug would allow a hacker to gain control of an Android device with only a text message.  Once in your phone, a hacker could steal or take over anything on your device and then infect everyone in your contacts.  Until device manufacturers and wireless carriers can issue a fix, Android users were advised to disable the setting to “automatically retrieve” MMS messages in their texting app and Google Hangouts.

A week later, it was reported that the infection could not only arrive via text, but could also be embedded in any number of apps or websites just lying in wait.  Because the bug is surrounded by “safe coding”, security software will not necessarily catch it.

The good news is, lots of people are working on fixing this.  In fact, Samsung and Sprint have already worked together to release a fix for the Samsung Galaxy Note 4.  Unfortunately, their fix only works on that device.  Many more fixes will need to be generated and pushed out to patch up the nearly 950 million vulnerable Android devices out there.  If you are an Android user, be on the lookout for available updates for your device.

For more information about Stagefright, Fortune.com has an excellent article and Q&A on the subject.

Has your device been infected?  Tell us about it in the comments.

iOS Mess

8iOS 8, the latest operating system for iPhone, iPad, and iPod Touch released on September 17th, has had a less than impressive debut.  At first, it appeared to be unstable, causing crashes.  Apple hurried to release the 8.0.1 patch, and the new software seemed to cause more problems than it fixed.  Despite the fact that Apple quickly made the 8.0.1 patch unavailable, several people were stuck with updated (read: broken) iDevices.  Apple states that iOS 8.0.2 is on the way, but if you are one of the unlucky folks looking for a way to downgrade back to iOS 8, follow these simple instructions from ReadWrite.  If you feel that upgrading to iOS 8 was a mistake altogether, hurry and check out ReadWrite’s instructions for downgrading back to iOS7, which may only work for a limited time.

Are you waiting to upgrade your Apple device?  Let us know in the comments.

Time to Change All of Your Passwords. Seriously.

thiefYesterday, news broke that a Russian crime ring known as CyberVor has stolen over a billion username/password combinations, as well as a half billion email addresses from popular sites all over the web.  While there is currently no way to confirm whether your information has been compromised, or even which websites have been hit, it would be prudent to assume that at least one of your online accounts has been jeopardized, and take action to ensure the security of all of your online accounts.

When creating new passwords for your accounts, do not reuse passwords for multiple accounts.  That way, if one of your accounts gets hacked, criminals won’t automatically have access to more of your accounts.  There are several strategies for making sure the new passwords you create are secure.  See this list for ideas.

Two-factor authentication (a.k.a. two-step verification) is another option provided by some websites that offer can offer an additional layer of account protection.  For example, after entering my username and password at my bank site, I am always prompted to answer at least one of my pre-defined security questions.  Another site that offers two-step verification is Gmail (more info).  For more sites that offer two-factor authentication, check out this article by Lifehacker.

A couple of additional security tips:

  • Do not set your computer/device to remember passwords.
  • Make sure your computer/device is set to lock when it “sleeps” or you walk away from it.  It may be inconvenient to keep logging in, but it will be even more inconvenient if your information gets stolen.
  • Avoid logging into sensitive sites on public Wi-Fi if at all possible.  Other users on the same network with the right software may be able to see your information as it is being transmitted.

While no online account is completely safe from hacking attempts, creating strong, unique passwords, using two-factor authentication, and only accessing accounts on secure network connections go a long way toward keeping your digital information out of the hands of criminals.

Do you have any additional security tips to share?  If so, please share them with our readers in the comments section below.

Internet Explorer Found to Be Vulnerable

This past Saturday, Microsoft announced that a major vulnerability was found in all supported versions of its internet browser, Internet Explorer.  Even if you know and follow the rules for surfing safely, you are still vulnerable.  Microsoft has not yet released an update or “fix-it” to address the issue.  The best (and easiest) way to protect yourself is to switch to a different internet browser, such as Mozilla Firefox, Google Chrome, or Opera. There are some software settings and downloads that can help increase the security of IE, but these may require more tech savvy than some people care to muster.

For more details about the vulnerability, along with suggestions for increasing the security of your Internet Explorer installation, check out this article at the blog “Krebs on Security.”