Monday Briefing - October 4, 2021
Computer and Network Services (CANS) Dept. Situations
Important! Action may be required!
While reviewing the recent email hacking situation, we have discovered the long-term use of temporary passwords. Please see more details in the email sent by Bob to pls-l on 10/4/2021 just before 10:00am.
So far we have discovered 27 passwords similar to the above that have been compromised over 255 times and are openly available on the internet.
These are temporary passwords and should never be used past the first logon.
If you still have one of these passwords in ANY system it needs to be changed immediately. Please open a ticket with support@pls-net.org if you need help resetting passwords.
Remember, these passwords should be at least 12 characters and reasonably complicated. Do not use the same password for multiple services. Everything should be unique.
Additionally, if your libcirc email accounts are using passwords that are several years old or are less than 12 characters long, they should be changed as well.
Internally we have already begun using randomly generated passwords for new accounts.
Password Requirements
- Passwords used to access PLS Information Systems that contain patron PII shall be:
  - Randomly generated;
  - At least 12 characters long;
  - Unique; and
  - Should contain some level of complexity.
- Examples of adequate passwords include:
  - A “diceware” password (a string of randomly generated dictionary words)
    - If using a “diceware” password, the password shall consist of a minimum of five randomly generated words.
  - A password that is at least 12 random characters long.
- Passwords shall not:
  - Consist of previously used passwords; or
  - Consist of passwords used for personal accounts.
- Passwords used to access PLS Information Systems shall not be transmitted in plain text (such as by email).
  - An exception can be made for passwords transmitted for one-time use, i.e. passwords used for an initial login that the recipient should then change after they are able to access the system.
- If an account or password is suspected to have been compromised, report the incident to System staff immediately by emailing support@pls-net.org.
Source:
https://docs.owwl.org/pub/Trash/CommunitySystemPolicies/Systems%20Access%20and%20Confidentiality%20of%20Library%20Records%20Policy%202021.09.08.pdf_
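The two kinds of adequate password named in the requirements above can be generated as follows. This is an added example, not PLS tooling or part of the policy: the function names are assumptions, and the 16-word sample list is constructed only so the code runs offline (real use needs a full 7776-word diceware list).

```python
import math
import secrets
import string

MIN_WORDS = 5   # policy minimum for a diceware passphrase
MIN_CHARS = 12  # policy minimum for a random-character password
# 94 printable ASCII symbols: letters, digits and punctuation
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample list; far too small for real passwords.
SAMPLE_WORDS = ["anchor", "biscuit", "cobalt", "dune", "ember", "fjord",
                "gravel", "harbor", "ivory", "juniper", "kettle", "lantern",
                "meadow", "nickel", "orchard", "pebble"]


def diceware(wordlist, n_words=MIN_WORDS, sep="-"):
    """Join n_words drawn uniformly at random using the OS CSPRNG."""
    if n_words < MIN_WORDS:
        raise ValueError(f"policy requires at least {MIN_WORDS} words")
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words would skew the distribution")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def random_password(length=MIN_CHARS):
    """Return `length` characters drawn uniformly from ALPHABET."""
    if length < MIN_CHARS:
        raise ValueError(f"policy requires at least {MIN_CHARS} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print("sample passphrase:", diceware(SAMPLE_WORDS))
    print("sample password:  ", random_password())
    # Strength comes from the size of the list and the number of draws.
    print(f"5 words from 16 (sample list): {entropy_bits(16, 5):.1f} bits")
    print(f"5 words from 7776 (full list): {entropy_bits(7776, 5):.1f} bits")
    print(f"12 chars from {len(ALPHABET)} symbols: "
          f"{entropy_bits(len(ALPHABET), 12):.1f} bits")
```

The entropy figures hold only when every word or character is chosen by the random generator; a phrase or character string picked by a person does not reach them.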
Blocked Third Party Access to Zimbra
All third-party client access to our Zimbra mail system has been blocked. Right now this means clients that use IMAP and POP to retrieve mail will no longer work. We may need to go further in the coming days. Our servers have been under attack from a botnet for several days now. That botnet has been successful in compromising at least one account in our system. Blocking IMAP and POP reduces our exposure to these attacks. Both protocols are problematic, to say the least. As a reminder, email can be accessed through https://mail.owwl.org from your desktop or mobile device.
Changes in CANS Staff from Ron Kirsop
Please note that Adam Keuer no longer works for Pioneer Library System. This staffing change along with the previously noted security situation will result in a temporary slowdown in the response times to certain tech-related issues. Thank you for your understanding and patience. Please continue to send all support requests to support@pls-net.org.
Annual Meeting and Trustee Election
On Wednesday, October 13, 2021, at 6:00 PM we will be holding an online Annual Meeting for the election of our System Trustees. Unlike previous years, this meeting will be strictly for the election and a few remarks from System leadership.
All member library trustees are eligible to participate in the election. We will be filling three positions: Ontario County, Livingston County, and Wyoming County. We have incumbents for Ontario and Livingston; however, no one is currently running for the Wyoming County position.
NYLA Announcement - Trustee Education Legislation
We Need YOUR Voice NOW to Push the Library Trustee Training Bill to the Finish Line.
Each year, thousands of bills are introduced by elected officials in New York State.
Of those, a few hundred make their way to the Senate and Assembly Chamber to be voted on by the entire legislature.
From there, each piece of legislation has one final step: the Governor. It is here that Governor Hochul will read each bill and any supporting documentation. That's where you come in!
We only have until OCTOBER 9TH to TAKE ACTION!
Here is the text of the auto-generated letter that has been developed for this call to action:
As the 2021 legislative session began, advocates across the State like myself were unsure how to communicate our needs to our officials, including you. Fortunately, we found creative solutions including social media, visual mediums and, of course, virtual meetings.
I am grateful for the work each member of the Legislature and the Executive Chamber did over the last seven months; however, we aren't finished.
The following bill was passed by the Senate and Assembly and has been delivered to your desk.
S4435B (May) / A6121B (Jean-Pierre)
Library trustees play an important role in the success and long-term growth of their libraries. Their actions affect policy, personnel and finances. Currently, the state does not require library trustees to obtain any formal training.
Passage of this bill would ensure that those choosing to serve their libraries as a trustee have annual comprehensive training.
I urge you to sign the above into law and become a Library Champion.
2022 Minimum Wage Announced
ICYMI: NYS Minimum Wage will be $13.20 (a .70 cent increase over 2021) starting December 31, 2021.
Source:
https://www.ny.gov/new-york-states-minimum-wage/new-york-states-minimum-wage
If the exempt salary threshold follows a similar trend, it will most likely be around $51,500.00/year. I am not sure when that will be formally announced on the NY site.