This edition marks the one-year anniversary of our quarterly newsletter.In our newsletters, we share a little bit about the projects we are working on, the services we provide, and things we think you’ll be interested in. Add yourself to our Newsletter list to receive future installments.
So, what’s all this I have been hearing about Log4j? Log4j is a chunk of code that helps applications log their activities, kind of like a running journal. It’s free and widely used across the Internet. For example, Minecraft uses Log4j and it was one of the applications affected by this vulnerability. The vulnerability allowed attackers to gain control of the affected application by sending malicious code. That meant A TON of programs were exposed and Information Security teams across the globe were working nights, weekends, holidays, during vacations, and probably in their sleep to patch exposed systems.
Our security team at Berkeley was no different. They worked diligently alongside many IT professionals both here on campus and with vendors to make sure our Berkeley networks and systems were patched and protected.
What can you do to help? I’m glad you asked. Make sure your systems and apps are up to date and if you get any suspicious emails be sure to forward them to email@example.com
Telephone Call Retirement for CalNet 2-Step
We are retiring the use of telephone calls as an option for completing the CalNet 2-Step on Jan. 12, 2022. Remind me again, why? There are several reasons, but the biggest is that telephone calls are less secure than other authentication methods. The good news is that there are many easy-to-use options available and you can register multiple devices, so be sure to register that new phone/tablet/watch, etc. that you got over the holidays. If you need help converting, we are hosting in-person drop-in hours Jan. 11, 12, and 13, 10:00 a.m. - 2:00 p.m. in the Academic Innovation Studio (AIS) - Dwinelle Hall 117 (Level D).
No, it’s not a hip new way to abbreviate Mississippi. The MSSND stands for Minimum Security Standards for Networked Devices and it’s gotten a refresh. Cool… what does that mean for me? It means that any devices you have connected to the Berkeley network or devices that store, process, or access “institutional information” (which is like, basically everything) are required to follow these standards. So get your devices in shape by Dec. 31, 2022 (but, you know, sooner is better).
Cybersecurity Awareness Month
In case you missed it, October was Cybersecurity Awareness Month and we were super jazzed to host Nathan Wenzler for his talk, “Choose Your Own Cybersecurity Adventure: How to get started and succeed in the InfoSec field.” Even if you aren’t interested in getting a job in this field, it’s fascinating to see the different skill sets used across the industry and what future cybersecurity professionals should be learning.
It is with mixed emotions that we wish Greg Snow a happy retirement! Uh, why mixed? For starters, if you've worked with Greg in his over 35 years here at Berkeley, you would know that he always has the best dad jokes. But seriously, Greg helped build many of the systems that make Cal, Cal, including the SIS Campus Solutions and the Cal1Card system. Starting as a programmer in Residential and Student Services Programs, Greg’s role grew to include large-system design and architecture AND he was known as being a highly technical, big-picture, and detail-oriented team member, and an overall wonderful person. We will miss working with him and wish him well in retirement.
We'd also like to congratulate Karl Aquino for being promoted to a Security Analyst IV position! Karl joined the Information Security Assessments team in late 2020. Since then, he has conducted dozens of assessments for the campus. Karl also manages our risk assessment tool and continues to supervise the Student Affairs Information Security team. Kudos, Karl!