Bugs in open-source libraries impact 70% of modern software

Security Affairs

70 percent of the mobile and desktop applications we use today are affected by at least one security flaw present in open-source libraries. According to Veracode’s annual State of Software Security report, 70 percent of mobile and desktop applications being used today have at least one security flaw that is the result of the use of an open-source library. In addition, most languages feature the same set of core libraries.

Insider Attack on the Carnegie Library

Schneier on Security

Greg Priore, the person in charge of the rare book room at the Carnegie Library, stole from it for almost two decades before getting caught. It's a perennial problem: trusted insiders have to be trusted.

Public Library Staff: Making a Difference

CILIP

Public library staff are an integral part of library services and arguably its most vital asset. Our new research Making a Difference: Libraries, Lockdown and Looking Ahead has made this, among other things, abundantly clear.

The Cyentia Library Relaunches

Adam Shostack

I’m excited to see that they’re Re-introducing the Cyentia Research Library, with cool (new?) The Cyentia Library lets us see what people are doing in terms of research and data. I am grateful for their work, and how it shines a light on where we are. When I comment that “how attackers get access” is underserved, what I mean is that it’s insufficiently well addressed in 2000 reports to have emerged or been noticed by the NLP and manual analyses.

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

Systems supporting libraries in Volusia County were hit by a cyberattack; the incident took down 600 computers at Volusia County Public Library (VCPL) branches. 600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches in Daytona Beach, Florida, following a cyberattack. “The county’s technology staff were immediately notified and coordinated recovery efforts with library staff,” reads the official statement.

Mobile Libraries: Culture on the Go

Unwritten Record

National Bookmobile Day is April 22, part of National Library Week (April 19-25). A library is a place that stores information, a place where people from all walks of life have the opportunity to obtain textual and audiovisual material for education, entertainment, and enlightenment. But sometimes a patron is unable to access a library due to limitations of location or distance. What better solution to this problem than to implement a mobile library?

The British Library's International Library Leaders Programme

CILIP

Ilene McKenna is the Lead Archivist, Archival Information System Renewal at Library and Archives Canada. In November 2019, she had the opportunity to take part in British Library's

Wartime Reading: The Library War Service

Unwritten Record

When America entered World War I in 1917, the American Library Association decided to take part in the war effort by establishing the Library War Service. Its purpose was to provide library services to American soldiers in training camps and overseas. Poster used in A.L.A.

Cisco Talos discovered 2 critical flaws in the popular OpenCV library

Security Affairs

Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code. OpenCV (Open Source Computer Vision Library) is an open-source library of programming functions mainly aimed at real-time computer vision.

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries. The backdoor was used by attackers to inject mining code in Ruby projects using the malicious versions of the libraries. “It seems that rest-client 1.6.13

Discover a world of reading this Libraries Week

CILIP

This Libraries Week (5-10 October 2020) libraries across the UK will showcase their reading offer as we celebrate the vital role of libraries in the UK's ExpressYourShelf this Libraries Week by taking part in CILIP's

Two malicious Python libraries were stealing SSH and GPG keys

Security Affairs

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The Python security team removed two tainted Python libraries from PyPI (Python Package Index) that were found stealing SSH and GPG keys from the projects of infected developers. The two libraries were discovered on December 1 by the German software developer Lukas Martini.

Arup Library: 60 years

CILIP

It was founded in 1946 by engineer Ove Arup, who was born in Newcastle to Danish parents. Key projects include the Sydney Opera House, the Pompidou Centre and the British Library. The first library in the firm's It has grown from a small collection of books and journals in a basement, to a global team of librarians, working together to help the firm shape a better world. Early Arup Library.

CILIP announces Honorary Fellowships including Library Champion Bobby Seagull

CILIP

Bobby Seagull and CILIP are delighted to announce that he will be continuing in the role of CILIP Library Champion for 2020-21.

Backdoor mechanism found in Ruby strong_password library

Security Affairs

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The dangerous code was used to check the password strength of user-chosen passwords when the library was being used in a production environment. The attacker created a new version of the library (version 0.0.7

COVID-19 Guidance for School Libraries

CILIP

This Guidance has been developed by a Working Party convened jointly by CILIP, the CILIP School Libraries Group (CILIP SLG) and the School Library Association (SLA). It will be updated periodically when new information becomes available. If this information is printed, please ensure that it is dated and refer back to this page for the latest version. It can be useful in doing this to agree a framework or structure of “levels”

Designing Libraries: Making space for makerspaces

CILIP

Recently I heard a librarian say that introducing makerspaces into libraries was one of the riskiest undertakings the service had ever embarked upon. I found this a little odd, since we are all in the information business and a lot of library time is taken up with answering “how Is it so challenging to move from answers on the printed page to self-discovery under tutored guidance? s library buildings are a mixture of ancient and modern. Making a success of it.

What are libraries worth?

CILIP

WHETHER it's Suffolk Libraries has recently commissioned and published research to do just that: convert the social value of three of its core services into pounds and pence. The purpose for doing so is not only to help the library service to explain its value to its funders but also to give Suffolk Libraries a fresh view of itself and the value of the different services it provides to the community.

Prototype Pollution flaw discovered in all versions of Lodash Library

Security Affairs

Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. The flaw could be exploited by hackers to compromise the security of affected services using the library. The popular library is currently used in more than 4 million projects on GitHub. “The popular npm library is used by 4.35 Just shy of 40k GitHub project stars, the library is downloaded over 80 million times each month.

Celebrating the Library of the Future for Libraries Week

CILIP

s children build their Library of the Future for Libraries Week. Children, young people and LEGO enthusiasts from age 2 to 85 have been hard at work as part of Libraries Week ? s much-loved libraries. In a CILIP competition to build the Library of the Future out of LEGO bricks, hundreds of entries have highlighted the many different ways in which libraries will support their users in the future. to distribute books to library users. library lates?,

Libraries Week 2019 celebrates libraries in a digital world

CILIP

Annual Libraries Week celebrations (7-12 October 2019) will showcase how libraries have transformed their digital offer, featuring events and activities in more than 1,000 libraries across the UK. s competition to Build the Library of the Future out of LEGO bricks and win tickets to LEGOLAND Windsor and £500 to donate to a library of your choice. LOVE YOUR LIBRARY? ?

Get ready for Libraries Week 2020

CILIP

CILIP is delighted to launch campaign assets for Libraries Week 2020, recognising the amazing contribution that libraries make to the UK's Libraries Week is a weeklong celebration of the nation's much-loved libraries organised by CILIP, with a focus this year on celebrating books and reading. Libraries Week 2020 is sponsored by Nielsen Book and OverDrive.

New report: Advancing Art Libraries and Curated Web Archives

Archive-It

by Karl-Rainer Blumenthal, Web Archivist for Archive-It. The web archiving partners at the Internet Archive and the New York Art Resources Consortium (NYARC) are eager to share Advancing Art Libraries and Curated Web Archives: National Forum Report. In the meantime, we look forward to publishing more updates to the Archive-It blog, to the team’s homepage, and to the ARLIS/NA Learning Portal. Collaborative Collecting Museums and Art Libraries

Honey, I blockchained the library

CILIP

A floor wax and a shoe polish that beats, as it sweeps, as it cleans, if you like. I suspect it is equally annoying for many information and computer scientists. “We has become a portmanteau term for any sort of database which is sufficiently advanced that it seems like magic. It can be quite fascinating to see how blockchain's magical status can turn it into one of Hitchcock's

The Library of Everything

CILIP

Emerging Technologies: The Library of Everything. Library of Babel ([link]) in real life – a (practically) infinite library. Microsoft sees DNA storage as a future part of its Azure cloud services, and has recently announced significant advances in automation of DNA-based data storage and retrieval. This sounds like it could be expensive and cumbersome, and indeed today it is ? Arguably it's It Was Hell.? ? CILIP non member newsletter.

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

Security Affairs

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. OpenSMTPD is an open-source implementation of the server-side SMTP protocol as defined by RFC 5321; it also includes some additional standard extensions. It allows ordinary machines to exchange emails with other systems speaking the SMTP protocol.

Libraries: don't mess with trust

CILIP

Jeni Tennison, CEO of the ODI, discusses how libraries could fit into it without damaging themselves. Jeni Tennison, CEO of the Open Data Institute, is far from surprised or judgemental about this; these are the issues that the ODI spends most of its time finding solutions for. Operational uses such as using data to support the day-to-day running of a library. What can libraries do? “So

Celebrating LGBT+ History Month in Libraries!

CILIP

February is LGBT+ History Month and libraries, information services and Learning Resource Centres up and down the country are organising events, activities, workshops and performances to celebrate LGBT+ people. If you work in a library that is running an event, don't forget to add it here to help promote it! We've put together our list of 10 favourite LGBT+ History Month activities coming to a library near you!

Library History with Heritage & University Archives

Archives Blogs

The history of libraries at Florida State University traces back almost 100 years to the 1920s. In 1923, FSU’s first library opened in what is now Dodd Hall. Dodd Hall served as the library for Florida State College for Women and then for Florida State University until Strozier Library was built in 1956. The Library, undated, [link]. In 1929, Etta Lane Matthews was hired as the first professor of Library Science.

Next steps for art libraries and curated web archives

Archive-It

by the Archive-It team. Partners from the Internet Archive and eight art libraries from across the country met earlier this month at the Getty Research Institute to plan next steps for collaborative archiving of web-published art resources. The meeting was the third in a series of national events supported by the Institute of Museum and Library Services (IMLS). Art library web archiving stakeholders at the Getty, March 2, 2020.

Closure JavaScript Library introduced XSS issue in Google Search and potentially other services

Security Affairs

A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library. The library is named Closure and according to the expert it fails to properly sanitize user input.

Apache Struts users have to update FileUpload library to fix years-old flaws

Security Affairs

Apache Struts users have to update the Commons FileUpload library in Struts 2 that is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2; the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. CVE-2016-1000031 was discovered two years ago by experts at Tenable and it was addressed with the Commons FileUpload version 1.3.3

Designing Libraries: An academic question

CILIP

Earlier this year I attended the biennial Liber Architecture Group (Lag) seminar, held in the Zaha Hadid-designed library and learning centre building on the impressive campus of the Vienna University of Economics and Business (known locally as WU). The idea in attending was to get an overview of how changes in technology and learning environments are influencing the design of library spaces across Europe.

Beyond digital literacy: STEM learning ideas from library professionals in the UK and Ireland

CILIP

Libraries are not just books ? We need] strong advocates who see the library as a place where STEM-rich learning takes place. ? In the words of one research participant, STEM learning in libraries is about ?promoting in other libraries or from STEM or education organisations ?

Dominic Cummings: Libraries are "desperately needed"

CILIP

DURING the 2019 General Election Boris Johnson said he loved libraries and wanted to invest in opening more of them, but added: “We His special adviser, Dominic Cummings, has no such conditions attached to his support for libraries. libraries plus internal historians? His view was not that libraries needed equal treatment, they needed a much-improved status in government:

Stepping into Leadership – online resources for leadership in libraries launched

CILIP

Over the past few weeks, those working in our public libraries have demonstrated their expertise, creativity, and commitment to serving their communities. At this particular moment, it is critical that there is support for public library staff at every level. They draw on non-academic sources and input from outside the library sector, yet are clearly framed to resonate within the public library context.

UX in Libraries: Cognitive maps

CILIP

It may sound complicated but the idea itself is very simple: asking a library user to draw their experience of a library service or, more broadly, of learning. Contributor: Andy Priestner (@andypriestner) is a freelance UX trainer and consultant and Chair of the UX in Libraries conference (andypriestnertraining.com, uxlib.org).

Google expert disclosed details of an unpatched flaw in SymCrypt library

Security Affairs

Tavis Ormandy, a white hat hacker at Google Project Zero, announced that he had found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. The recently released Microsoft Patch Tuesday security updates for June 2019 failed to address a flaw in SymCrypt, a core cryptographic function library currently used by Windows. Ormandy privately reported the flaw to Microsoft in March 2019, but the tech giant had still not fixed it after 90 days.

New guide to improving library services using key library assessment methodologies

CILIP

New book on improving library services with assessment data. Facet Publishing announces the publication of Putting Library Assessment Data to Work by Selena Killick and Frankie Wilson. Putting Library Assessment Data to Work takes common sources of data that academic libraries will already be collecting, and presents simple qualitative and quantitative techniques that can be used to evaluate and assess their services, both in detail and overall.

Prison library: Bringing children and dads together

CILIP

THE world of the prison library is, by its very nature, hidden from the view of most people. But prison libraries are a statutory requirement (The Prison Rules, 1999 [link]) and there is some wonderful work going on in jails around the country, which few people get to hear about. The library is situated fairly near the main gate in one of the Victorian wings, but it looks very much like any small branch library ?