The UCB-Security Mailing List

Purpose of UCB-Security

The UCB-Security Mailing List (ucb-security@lists.berkeley.edu) is a private, non-archived list appropriate for many types of IT security discussions. This list is intended as a communication tool to share information and resources for IT staff responsible for the security of campus information systems. The UCB-Security should be used to:

  • Announce critical IT vulnerabilities and other threats likely to affect the campus
  • Announce and discuss campus IT security programs
  • Announce and discuss Security Operations Workgroup meetings and topics
  • Ask for advice or approaches to solving campus-related security challenges

All list members may post new topics and reply to current topics. We encourage relevant discussion to topics posted to the list by all list members.

Subscribing to UCB-Security

Eligibility

You are eligible to subscribe to UCB-Security if you are:

  • A current UC Berkeley employee with an IT job function; or
  • A current UC Berkeley employee with a job function which includes management of UC Berkeley IT staff or UC Berkeley IT budgets

Exceptions to the above are possible.  Please email ucb-security-owner@lists.berkeley.edu to explain the situation.

Submitting a Subscription Request

Please use the bConnected Lists in Google Groups to request a subscription to UCB-Security:

https://groups.google.com/a/berkeley.edu/forum/#!overview

You will receive notification when your request is processed, and the mailing list moderator will contact you if there are any questions about your request.

List Policies

Use of this mailing list is covered by the Use of Electronic Mail section of the E-Berkeley Policy for [University of California, Berkeley] Campus Online Activities.

Micronet and UCB-Security

UCB-Security should be used instead of Micronet for any security-related discussions.  Micronet membership is not vetted, and the list itself is publicly archived and indexed by internet search engines.  Attackers are increasingly studying the institutions they attack to learn weaknesses.  This makes Micronet a bad choice for discussions that touch on security.  This can include even announcing vulnerabilities in vendor or open source packages, as this may spark a discussion about mitigation strategies for campus.

There should be no cross-posts to both UCB-Security and Micronet.  Cross-posting is sending the same email at the same time to both lists.  In the very unusual case where the same message should be sent to both lists, send the message twice, once to each list. However, if you find yourself tempted to post the same message to both lists, please reconsider whether this is truly necessary.  If it is a security-related topic, it probably should be sent to UCB-Security alone. Otherwise, Micronet is probably the correct list.

Security topics that should NOT be discussed even on UCB-Security

  • Reports of security incidents or suspicious behavior – report incidents directly to security@berkeley.edu or see Contact IT Policy for more options
  • A current or past breach or compromise of UC Berkeley systems
  • Extremely detailed security posture information, such as posting firewall configurations, data flow diagrams, etc.