Purpose of UCB-Security
The UCB-Security Mailing List (ucb-security@lists.berkeley.edu) is a private, non-archived list appropriate for many types of IT security discussions. This list is intended as a communication tool to share information and resources for IT staff responsible for the security of campus information systems. The UCB-Security should be used to:
- Announce critical IT vulnerabilities and other threats likely to affect the campus
- Announce and discuss campus IT security programs
- Ask for advice or approaches to solving campus-related security challenges
All list members may post new topics and reply to current topics. We encourage relevant discussion to topics posted to the list by all list members.
Subscribing to UCB-Security
Eligibility
You are eligible to subscribe to UCB-Security if you are:
- A current UC Berkeley employee with an IT job function; or
- A current UC Berkeley employee with a job function which includes management of UC Berkeley IT staff or UC Berkeley IT budgets
Exceptions to the above are possible and requests can be made through bConnected Google Groups (see below).
Submitting a Subscription Request
Email iso@berkeley.edu and request to be added.
List Policies
Use of this mailing list is covered by the Use of Electronic Mail section of the E-Berkeley Policy for [University of California, Berkeley] Campus Online Activities.
Micronet and UCB-Security
UCB-Security should be used instead of Micronet for any security-related discussions. Micronet membership is not vetted, and the list itself is publicly archived and indexed by internet search engines. Attackers are increasingly studying the institutions they attack to learn weaknesses. This makes Micronet a bad choice for discussions that touch on security. This can include even announcing vulnerabilities in vendor or open-source packages, as this may spark a discussion about mitigation strategies for campus.
There should be no cross-posts to both UCB-Security and Micronet. Cross-posting is sending the same email at the same time to both lists. In the very unusual case where the same message should be sent to both lists, send the message twice, once to each list. However, if you find yourself tempted to post the same message to both lists, please reconsider whether this is truly necessary. If it is a security-related topic, it probably should be sent to UCB-Security alone. Otherwise, Micronet is probably the correct list.
Security topics that should NOT be discussed even on UCB-Security
- Reports of security incidents or suspicious behavior – report incidents directly to security@berkeley.edu or see Contact IT Policy for more options
- A current or past breach or compromise of UC Berkeley systems
- Extremely detailed security posture information, such as posting firewall configurations, data flow diagrams, etc.