What You Need to Know about the Heartbleed Bug

In case you haven’t heard, a vulnerability dubbed “Heartbleed” has been discovered in the encryption protocol that many secure websites use.  If you’d like a basic explanation of Heartbleed, The New Yorker did a great job of boiling it down.  Early speculation on which sites were affected and how users can best protect themselves varied widely.  Since the IT teams of individual organizations have had time to address the issue, we now have a clearer idea how to proceed.

The first step is to find out which sites you use that may be compromised and change your passwords at those sites.  Mashable create a fantastic chart to help you with this.  Keep in mind, this is by no means a complete list.  If you login to sites that aren’t on this list, check with each site to see if it is vulnerable and/or has addressed the problem.  For instance, Key Bank was not on Mashable’s list, but a quick visit to their website revealed that they do not use the vulnerable encryption software.

Of course, if you change your password but use that same new password at every site, you will remain vulnerable for other reasons.  If you have trouble keeping track of passwords, you may want to consider using a password manager.  For a guide to creating passwords, check out this guide from MakeUseOf.

Got questions?  Let me know in the comments and I’ll find answers.

OverDrive Digital Bookmobile Returns!

DigitalBookMobile.LogoLast year’s digital bookmobile event was such a success that we’ve asked them to roll through again this year!  On August 19th from 10am to 4pm, the OverDrive Digital Bookmobile will be in our parking lot to educate patrons about our downloadable collections.  First, venture inside the air-conditioned bookmobile and check out their exhibits.  We’ll have staff outside the bookmobile to answer your questions and help you get started using our downloadable e-books and audiobooks.

Are you already a user of our OverDrive collections?  Stop by and let us know what you think!  Your opinions are important to us.  We can also chat about what’s next for OverDrive.  On April 20th, OverDrive is releasing a new and improved mobile app, and we’ll be happy to show you what’s new.

We look forward to seeing you there!

When Will It Go Bad?

Food Date Myth

No, I’m not getting philosophical – just being practical. I found a great site called “EatByDate” that can tell you how long food actually lasts under different conditions.  You can browse by category or search for a specific food.  Not only will you get specific advice based on how the item is packaged and stored, this site will also tell you how to identify spoiled foods and offer tips on extending shelf life.

Do you have a practical site you’d like to share?  Let me know in the comments.

Trouble Contacting Us?

If you tried to use our library’s contact form on February 15th or 16th, you may have had some trouble.  Yesterday, I received an email from JotForm, the service we used to create and host our form.  The email stated that the JotForm.com domain had been suspended by GoDaddy, and proceeded to give instructions on how to get the form up and working again easily.  I must say I was very impressed by the speed at which JotForm users were contacted with a solution to this issue.  In fact, no one had even complained about the form on our site being broken yet!  I am thankful we weren’t one of the users who had upwards of 50 forms to fix, though.

Because the email was vague, my curiosity got the better of me, and I did a bit of research.  As it turns out, GoDaddy was responding to a government order, and JotForm was under investigation by the Secret Service.  Despite my initial panic (what had I gotten the library into?!?), I read on to learn that one of JotForm’s millions of users *might* be using JotForm for a phishing scam.  JotForm was eager to work with the government to resolve the issue, but was put off because “a few days” were needed to review the case.  Meanwhile, those millions of users are stuck finding staff/personal time to fix all of those forms.  My question is, why couldn’t the case have been looked at *before* shutting down an entire domain with no warning, inconveniencing all those people and companies?  I can appreciate the interest in protecting the public from a phishing scam, but the reaction seems a bit like clear-cutting a forest to take care of a single diseased tree.  It also feels a bit like SOPA/PIPA to me.  Is anyone else nervous?

For more on the JotForm story, see this c|net article.