LIBLICENSE-L Archives

LibLicense-L Discussion Forum

LIBLICENSE-L@LISTSERV.CRL.EDU

From: LIBLICENSE <[log in to unmask]>
Reply To: LibLicense-L Discussion Forum <[log in to unmask]>
Date: Mon, 20 Jun 2016 20:23:36 -0400
From: Gabriel Gardner <[log in to unmask]>
Date: Mon, 20 Jun 2016 21:16:50 +0000

In case anyone was wondering about the status of this:

https://twitter.com/blahah404/status/736301738974646276, I can confirm
it is true. See below.

Details and a partial list of “fake DOIs” here:

https://docs.google.com/document/d/1uTVHPI8r4VO31KihsyiBHsh_gp8jZ38fMvP5nP5XOkw/edit

If anyone on here is familiar with the registration of DOIs I’d love
to have a conversation with you about whether this is a common
practice.

Gabriel J. Gardner
Librarian for Criminal Justice, Linguistics, and Romance, German,
Russian Languages & Literatures
California State University, Long Beach
[log in to unmask]

***********
From: intellectual property [mailto:[log in to unmask]]
Sent: Thursday, June 16, 2016 12:35 PM
To: [redacted] ; Huenniger, Jim - United States
<[log in to unmask]>; [redacted]
Cc: DL-securityinternal <[log in to unmask]>; intellectual
property <[log in to unmask]>; Higdon, William - Hoboken
<[log in to unmask]>; Cruz, Beth - Hoboken <[log in to unmask]>; Loo,
Steven - Singapore <[log in to unmask]>; San Miguel, Paula - Singapore
<[log in to unmask]>; Madej, Julian - Oxford <[log in to unmask]>
Subject: RE: California State University Long Beach – [redacted]

Dear [redacted],

Wiley has been investigating activity that uses compromised user
credentials from institutions to access proxy servers like EZProxy
(or, in some cases, other types of proxy) to then access
IP-authenticated content from the Wiley Online Library (and other
material). We have identified a compromised proxy at your institution
as evidenced by the log file below.

We will need to restrict your institution’s proxy access to Wiley
Online Library if we do not receive confirmation that this has been
remedied within the next 24 hours.  While we sincerely regret any
inconvenience this action may cause, Wiley is obliged to protect its
intellectual property as well as inform you when we detect
unauthorized access to Wiley content via your servers. Also note that
further activity through your proxy may result in additional
restrictions being placed along with repeat notices.

Please also consider that, beyond illegally downloading copyrighted
content licensed by your institution, we do not know what else—if
anything—has been accessed once authenticated by your servers. Also,
in virtually all instances, the user at your institution has no idea
that his/her credentials have been compromised. Phishing scams,
malware and other means are used to obtain these credentials.

With that, we ask that you have your IT or Information Security team
take the following actions:

Please use the log file below to immediately identify the compromised
user credentials, reset the user(s) credentials, and kill all active
sessions.

To kill the active sessions:

1. In EZ Proxy Admin, select Server Status.
2. Find the user and select Session ID; click on it.
3. Another screen will open with session details.
4. Beneath that, one option is “Terminate Session.”
5. Click on it to end the session immediately.

NOTE: ALL open sessions for the compromised user on this server MUST
be closed after the user has been blocked and/or banned. Restarting
EZproxy will not achieve this as active sessions are persisted to
disk.

Once completed, please send an email to [log in to unmask]
confirming that you have completed the aforementioned actions. If you
have difficulties in identifying the source of the breach, in your
response to the [log in to unmask] box, please indicate in
the subject line “Assistance Needed” and we will try and connect you
with a member of Wiley’s engineering team to try and assist you or
your colleagues.

Extracts of web server logs are appended at the end of this email.

Regards,

Wiley Global Intellectual Property Team

**********

Logs from California State University Long Beach ([redacted])


2016-06-16T14:06:38-0400/doi/10.1002/xobcuor.30662/pdf

2016-06-16T14:06:33-0400/doi/10.1002/xxefnps.9919/pdf

2016-06-16T14:06:28-0400/doi/10.1002/ybcehis.10949/pdf

2016-06-16T14:06:22-0400/doi/10.1002/ydooufq.7806/pdf

2016-06-16T14:06:17-0400/doi/10.1002/ydrptvv.14978/pdf

2016-06-16T14:06:11-0400/doi/10.1002/ygixdsr.25212/pdf

2016-06-16T14:06:06-0400/doi/10.1002/yhkrloh.22621/pdf

2016-06-16T14:06:00-0400/doi/10.1002/ykbubyy.30186/pdf

2016-06-16T14:05:55-0400/doi/10.1002/yldvojr.17876/pdf

2016-06-16T14:05:49-0400/doi/10.1002/yovitzd.14140/pdf

2016-06-16T14:05:43-0400/doi/10.1002/yuivgxo.29065/pdf

2016-06-16T14:05:38-0400/doi/10.1002/ziwebjr.9461/pdf

2016-06-16T14:05:32-0400/doi/10.1002/zmvjcpa.25611/pdf

2016-06-16T14:05:27-0400/doi/10.1002/znadgzt.25099/pdf

2016-06-16T14:05:21-0400/doi/10.1002/zrvbbgr.64332/pdf

2016-06-16T14:05:15-0400/doi/10.1002/ztmqzit.4245/pdf

2016-06-16T14:05:09-0400/doi/10.1002/zwkdhpe.15022/pdf

2016-05-31T13:22:39-0400/doi/10.1002/loprsph.29524/pdf

2016-05-31T13:22:32-0400/doi/10.1002/lllsfop.31399/pdf

2016-05-31T13:22:25-0400/doi/10.1002/kyqvfgc.28876/pdf

2016-05-31T13:22:19-0400/doi/10.1002/kxzyivg.30145/pdf

2016-05-31T13:22:12-0400/doi/10.1002/kxasgdi.6145/pdf

2016-05-31T13:22:05-0400/doi/10.1002/kitydnp.2167/pdf

2016-05-31T12:52:59-0400/doi/10.1002/ztmqzit.4245/pdf
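
Added example (not part of the original message or of Wiley's notice): one way to carry out the "identify the compromised user credentials" step is to match the publisher's extract against the proxy's own access log by request path and time, normalising the two time zones. The proxy log lines, usernames, IPs and host name below are constructed, and the log layout (common log format with the username in the third field) is an assumption to adjust to the local LogFormat.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Publisher extract lines as they appear in the notice: timestamp fused to the path.
PUBLISHER_LINES = """\
2016-06-16T14:06:38-0400/doi/10.1002/xobcuor.30662/pdf
2016-06-16T14:06:33-0400/doi/10.1002/xxefnps.9919/pdf
2016-06-16T14:06:28-0400/doi/10.1002/ybcehis.10949/pdf
""".splitlines()

# CONSTRUCTED proxy log lines (assumed NCSA common format, username in the
# third field); users, IPs and the host name are placeholders.
PROXY_LINES = """\
203.0.113.7 - user_a [16/Jun/2016:11:06:37 -0700] "GET http://publisher.example:80/doi/10.1002/xobcuor.30662/pdf HTTP/1.1" 200 5120
203.0.113.7 - user_a [16/Jun/2016:11:06:32 -0700] "GET http://publisher.example:80/doi/10.1002/xxefnps.9919/pdf HTTP/1.1" 200 5120
198.51.100.9 - user_b [16/Jun/2016:09:00:00 -0700] "GET http://publisher.example:80/doi/10.1002/ybcehis.10949/pdf HTTP/1.1" 200 5120
""".splitlines()

PUB_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d{4})(/\S+)$")
PROXY_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "\S+ \w+://[^/\s]+(/\S*) [^"]*"')

def parse_publisher(lines):
    """Yield (timezone-aware timestamp, path) from the publisher extract."""
    for line in lines:
        m = PUB_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S%z"), m.group(2)

def parse_proxy(lines):
    """Yield (timestamp, path, user, client IP) from the proxy access log."""
    for line in lines:
        m = PROXY_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(3), "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m.group(4), m.group(2), m.group(1)

def correlate(pub_lines, proxy_lines, skew=timedelta(seconds=30)):
    """Return ({user: [(path, client IP), ...]}, [unmatched paths])."""
    proxy = list(parse_proxy(proxy_lines))
    hits, unmatched = defaultdict(list), []
    for p_ts, p_path in parse_publisher(pub_lines):
        found = [(u, ip) for ts, path, u, ip in proxy
                 if path == p_path and abs(ts - p_ts) <= skew]
        for user, ip in found:
            hits[user].append((p_path, ip))
        if not found:
            unmatched.append(p_path)
    return dict(hits), unmatched
```

Paths left in the unmatched list mean the proxy log window or the allowed clock skew needs widening before concluding that the request did not pass through the proxy.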
