Meeting on the ledge

(or why I don't get out much…..)

Security weaknesses in HIP

  News came out this week via the Horizon email list of a serious security weakness in HIP, the Horizon web catalogue ( I’m deliberately not going to give any links here to deter hackers). Apparently SirsiDynix have known about this for some time and wrote a note suggesting some fixes in April. However despite the seriousness of the problem it was not generally publicised to libraries which use HIP.

  I know the company is still going through internal reorganisation but I’m dissappointed that nobody appreciated the risk and that they needed to be proactive in dealing with it. Its rather like Ford suddenly discovering that the passenger’s door of the Fiesta is unsecured but then not letting their customers know that the door is open or helping them install a lock. Many HIP catalogues out there are still unprotected because the staff who read the email list didn’t understand or appreciate the email and I’d like to hope that SirsiDynix will be contacting us all to help us deal with the problem.

Advertisements

May 23, 2007 - Posted by | Libraries

1 Comment »

  1. SirsiDynix have finally responded with a post to the Horizon-L mailing list and by putting a message about the problem on the customer webpages. I’m glad to see this, which proves that they monitor the email list (I know they look at this blog!). Hopefully the customer contacts will follow the issue up with at least those libraries they know that might have difficulty either understanding the advice or applying it?

    Comment by Ian | May 25, 2007


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s