Info (in a) Sec: July 2021

Add yourself to our Newsletter list to receive future installments.

Welcome Back!

... Or if this is your first time here, Welcome! Bienvenidos! Ahlaan Bik! Svaagat He! Huanying!

This edition marks our second quarterly newsletter and you can check out the inaugural edition here.In our newsletters we’ll share a little bit about the projects we are working on, the services we provide, and things we think you’ll be interested in.

Now on to what was happening between April and June, 2021...

UC Accellion Data Breach

Spring whizzed by as we were learning more about the UC Accellion Data Breach. There was a tremendous amount of information covered in our Identity Theft Resources and Identity Theft Protection Town Hall, so be sure to check them out. And we also created a page of Resources for Prevention and Response to Online Harassment - please share with others who may find the content helpful.

Project Updates

CalNet Directory Update 

Our CalNet developers have been hard at work updating the CalNet Directory Update tool (that’s the spot you go to update your info). It’s not only getting a facelift, we will be adding additional features like pronouns and you will be able to request new values for honorifics and generational titles. Sweet, when will it launch? We are shooting for fall, so stay tuned for more info.

CalNet Passphrase Reset Project

I know, it’s confusing. Directory Update, Passphrase Resets, CalNet. How will you ever keep them straight? Well, good news my friend! We have completed the CalNet Passphrase Reset Project for all non-grace accounts, so basically you don’t have to worry about that one anymore. Thanks for changing your passphrase and helping us to better secure our community.

Send Me a Push

Duo App screen

Or rather, send yourself a Push. We highly recommend using the Duo Mobile App to "Send Me a Push” when you do your CalNet 2-Step. Okay, but why should I do the Push? Well, I'm glad you asked... (clears throat and queues bulleted list):

  • It's quicker than a text or a phone call and it's more secure.

  • Duo Push encrypts the message to/from your phone. 

  • The App screen tells you information, like the location where the prompt originated from - so if you ever get a random request from say, Maui, when you are in Berkeley, you’ll know something’s up!

  • It protects better against man-in-the-middle attacks. Man-in-the-what-now? MiTM attacks are when the bad guys intercept the SMS passcode sent to you and then use it to log in as you.

  • ....And it uses almost no data. 500 pushes to your device will use 1 MB of data in total. That’s like loading our security.berkeley.edu homepage on your smartphone. Which you do all the time, right?

If you stopped using the Duo App because it was acting buggy, reinstall it! Many of the issues have been worked out and we have great instructions for setting up your smartphone or a tablet device to make it easy.

In this Issue

Ask ASCII:

Dear ASCII, 

Recently I got one of those smart watches to track my bike rides, but with all the data it’s collecting and its integration into other IoT (Internet of Things) at my home, I’m concerned about how to secure it. Any advice?

-Sleepless in Saddle

Dear Sleepless

Great question, there are a ton of IoT devices out there and a ton with bad security built in. It’s important to know how your devices are talking to each other and how they are secured. We put together an article on Securing IoT Devices to help you along the way. Happy trails!

Dear ASCII, 

I’m interested in a career in InfoSec, but I'm not suuuper technical. Can you recommend any resources for me to check out?

-More "Info" Please

Dear More "Info",

There are many positions within information security. I’d highly recommend checking out this podcast on Cybersecurity as a Career Path - don’t worry, it’s only 8 mins long. We also post lots of educational materials and run two workgroups that we encourage you to join. Come hear more about what we do and what you might be interested in.

Cybersecurity Events:

  • (Jul 16–17) Diana Initiative
  • (Aug 9-11) UC Tech

See all event details at our Security Related Events page.

Find more cybersecurity best practices at our Education & Awareness page

-Information Security. Made Bearable

What keeps us busy?

These charts may help explain. The first chart shows the number of alerts processed by our threat detection systems and the second chart shows detected compromises and vulnerabilities for this quarter.

If you get a security notice from our office be sure to follow the instructions to remedy the situation immediately. 

Q2 of 2021 graph showing threats detected
Q2 of 2021 graph showing compromises and vulnerabilities detected