To the Editor: Untangling the confusion surrounding the library website

April 9, 2009

To the Editor:

Re: “Library Website Hacking Arouses Confusion for Site Visitors,” News, April 8.

Yesterday’s Sun ran a piece on the Library website being hacked, “Library Website Hacking Arouses Confusion for Site Visitors.” I’d like to provide you with an update on this incident.

Security on the server which hosts the library.cornell.edu site was breached. Within minutes, Cornell Information Technologies’ (CIT) security staff notified our IT staff, at which time we immediately began working with CIT to address the breach. The exploit affected three sites on the server, and we quickly restored them to their original states without losing any data. Unfortunately, Google indexed the Library’s site while the malicious content was up, so we had to ask them to reindex once we found that out. We are continuing to monitor the server closely and are working with CIT security staff to analyze the server carefully to ensure that there are no remaining vulnerabilities.

Also, two points of clarification regarding yesterday’s article: First, the article referred to malicious content on “a page off the Human Ecology College’s library homepage.” Actually, this was the “Human Ecology Historical Photographs” site, which was a joint project of the Library’s Division of Rare and Manuscript Collections and the College of Human Ecology and which is hosted on the same Library server as the Library’s website. Second, you speculated about a connection between the Library server breach and the Conficker worm; the server involved was not a Windows server, so there was no connection to the worm.

To sum up, I want to thank my Library IT colleagues and our colleagues at CIT for their prompt, conscientious responses to the incident. As well, I want to reassure the Library’s user communities that we follow best practices for protecting the Library’s web content from malicious attacks and for addressing the rare breaches that can occur.

Marty Kurth

Director, IT Infrastructure

Division of Library Information Technologies

Cornell University Library