Interlibrary loan system MiLE in Michigan irrecoverably hacked; planned transition to URSA 4.0
The Library Network (TLN) runs cooperative library systems throughout Southeastern Michigan, and has been running the MiLE automated inter-library loan system for member libraries. MiLE is down as of this writing, and here's the explanation from the TLN November 7 2005 newsletter:
MiLE Update
As many of you know, the MiLE server was seriously damaged as a result of computer hackers. The MiLE Board has decided to accelerate our migration to the newest MiLE software, URSA 4.0. We hope to be up on URSA 4.0 within the month. Many new features will be available in URSA 4.0, including an improved public catalog, ability to renew items, and the ability to request photocopies.
The problem with the MiLE server has highlighted problems within TLN’s Networking Services Department that we are addressing as quickly as we can. I will be providing a full report on this situation to both our Board and Steering Committee.
Some links re URSA 4.0:
- Dynix unveils Universal Resource Sharing Application 4.0 (press release from Dynix, via Library Technology Guides)
- Cal State University - Library Services - status report (notes CSU implementation of URSA 4.0)
- 2004 MiLE Board Meeting minutes (discussion of URSA 4.0, how long wile MiLE last?)
- ursa-talk archives from October 2005 (ah, the place where the tech librarians are talking among themselves - this would be the ur-source of real information)
UPDATE 11/14/05:
- Library Network Security (John Blyberg from the Ann Arbor District Library on the sad state of infosec in the library community)
Technorati Tags: books, clutter, hackers, libraries, MiLE, tln, ursa
wow. that page you linked to seems to say two things loud and clear 1) we are downsizing, in some cases seriously 2) we got hacked, badly. It's hard not to wonder if there was a connection.
What I didn't get, and what I am curious about is What Was Hacked? Is this a typical Windows exploit in which case perhaps it's a good cautionary tale for other Windows users, or is it a homegrown system which was built insecturely? I think people who aren't very tech savvy and don't understand a lot about technology have a tendency to accept "hacked" as an end-reason in and of itself, but usually it's people exploiting some sort of technological vulnerability and not just launching an attack on a system because they're mad and/or evil.
I know people don't like to explain how these things happen, but if it's an opportunity for us to all learn what NOT to do, I think the benefits would heavily outweigh the downsides.
Posted by:jessamyn | November 14, 2005 at 11:04 AM
"Is this a typical Windows exploit in which case perhaps it's a good cautionary tale for other Windows users, or is it a homegrown system which was built insecturely?"
No and No. It didn't run on Windows and it wasn't a homegrown system. Yes, downsizing probably did contribute to the problem.
Posted by:Libtech | November 14, 2005 at 11:06 AM