From: Eric Chamberlain, CISSP (eric_at_uclink.berkeley.edu)
Date: Wed Aug 27 2003 - 15:00:04 PDT
No, but if you improperly park your car on campus while rushing to fix
mission critical computers, your car will be ticketed and towed before
your network connection is disabled. That gives me an idea... I propose a
policy where if Jake or Craig start to write a ticket for a security
violation before you login, then you have to pay a fine that is used to
improve campus security.
-- Eric Chamberlain, CISSP Campus Active Directory Architect Central Computing Services University of California, Berkeley http://calnetad.berkeley.edu > -----Original Message----- > From: owner-ucb-security_at_uclink4.berkeley.edu > [mailto:owner-ucb-security_at_uclink4.berkeley.edu] On Behalf Of > Geoffrey Kidd > Sent: Wednesday, August 27, 2003 2:48 PM > To: George C. Kaplan > Cc: micronet-list_at_uclink.berkeley.edu; > ucb-security_at_uclink.berkeley.edu > Subject: Re: [Security] Re: [Micronet] Fwd: What do they use > for brains? > > > "strong language in the Blu Terms of > Use". > > So I park my car in a bad neighborhood with the keys in the > ignition, the doors unlocked, hundred-dollar bills in plain > sight on the back seat and a note with "strong language" > saying "Do not steal this car?" > > > > At 02:34 PM 8/27/2003, you wrote: > >In message <3F4CFD7F.D9A92A70_at_eecs.berkeley.edu>, "Alexander Brown" > >writes: > > > When you log into blu with your calnet credentials, you then have > > > the option to change where your paycheck is direct > deposited. There > > > is no additional opt-in; if you have a calnet ID, you are > set up to > > > be able to do this. Additionally, there is no way to opt out. > > > Anyone who steals your calnet credentials can therefore also > > > redirect your paycheck to the account of their choice. > > > >Not only can you change your direct deposit options, but if > you do have > >it set up, blu will display your full bank account number. > (Ironic; my > >*bank* doesn't even display the full account number on their > web site). > >So even if an intruder doesn't change your direct deposit, > he could do > >all sorts of mischief using your bank account number and SSN. > > > >I raised this with the Blu staff when the portal first went > live, and > >never received a satisfactory answer, beyond bland assurances of > >"enterprise level security" and "strong language in the Blu Terms of > >Use". > > > >-- > >George C. Kaplan gckaplan_at_ack.berkeley.edu > >Communication & Network Services 510-643-0496 > >University of California at Berkeley > > > > > >------------------------------------- > >Sent via the ucb-security mailing list. > > ------------------------------------- > Sent via the ucb-security mailing list. >
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Wed Aug 27 2003 - 15:19:46 PDT