[Micronet] FW: Invitation for Voluntary Disability Survey

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] FW: Invitation for Voluntary Disability Survey

Kevin Burney
University of California Survey Notification

Is this legit? 

 

1.       It is not from UCOP or UCB.  (Who is this sender [hidden email]?  I have never heard of VR Election Services)

2.       The links provided do not reside in UC namespace.  (I thought we promoted not to respond to links in an unsolicited email).

3.       Just because it has the UC Seal does not really mean anything as they are publically available.

4.       Anyone can look up on the UCOP site what the name of the Director Employee Relations for University of California - Office of the President.

 

In my opinion, this type of message should be a publically signed message to ensure it was from the listed email account and that it was unchanged after being sent.

 

-Kevin Burney

 

_________________________________

Kevin D. Burney

Active Directory Systems Engineer

Enterprise Windows Team

University of California, Berkeley

(510) 827-8476

 

 

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG v2.0.22 (MingW32)

 

mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+

LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F

rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+

uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6

JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1

ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8

a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG

FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB

PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr

IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE

FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0

08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk

rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n

MA==

=yVJr

-----END PGP PUBLIC KEY BLOCK-----

 

 

 

 

From: [hidden email] [mailto:[hidden email]]
Sent: Thursday, April 03, 2014 2:48 PM
To: [hidden email]
Subject: Invitation for Voluntary Disability Survey

 

University of California Advisory Board

 

Dear UC Colleagues,

Recent changes to Section 503 of the Rehabilitation Act of 1973, as amended (Section 503) at 41 CFR Part 60-741 require UC and other federal government contractors to invite employees to voluntarily self-identify their disability status effective immediately, and every five years thereafter.

Please take a moment to complete this one-question voluntary survey at the website shown below. The website is hosted by VR Election Services (VRES), the vendor UC has hired to administer the survey. The survey form also includes a short list of possible types of disabilities, information about why you are being asked about your disability status and an explanation of how the survey information will be used.

Taking the survey is easy. Simply write down your PIN number shown below; then go to the website at the link below. Enter the month/date of your birth and your PIN to answer the survey question.

Your response to this survey is extremely important to UC as it will provide information to help assess whether the university is complying with its nondiscrimination and affirmative action obligations to recruit and employ qualified individuals with disabilities.

For more information about the survey visit UCnet.. For more information about Section 503 changes and the survey, visit the Department of Labor Office of Federal Contract Compliance Programs website.

 

 

 

Personal Identification Number : 7592436

Link to Disability Survey
(or paste this URL into your browser: http://www.vres.us/UCDisability.)

 


Sincerely,

Joseph Epperson
Director Employee Relations
University of California - Office of the President


Please do not respond to this e-mail.

This e-mail was sent by:
VR Election Services,
3222 Skylane Dr Bldg 100
Carrollton, TX, 75006.

 


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

smime.p7s (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] FW: Invitation for Voluntary Disability Survey

Bernie Rossi
Yes, this is legit.  UCOP gave us warning ahead of time about it being sent.

Bernie

On 4/3/14 3:04 PM, Kevin Burney wrote:

> Is this legit?
>
> 1.It is not from UCOP or UCB.  (Who is this sender
> [hidden email] <mailto:[hidden email]>?  I
> have never heard of VR Election Services)
>
> 2.The links provided do not reside in UC namespace.  (I thought we
> promoted not to respond to links in an unsolicited email).
>
> 3.Just because it has the UC Seal does not really mean anything as they
> are publically available.
>
> 4.Anyone can look up on the UCOP site what the name of the Director
> Employee Relations for University of California - Office of the President.
>
> In my opinion, this type of message should be a publically signed
> message to ensure it was from the listed email account and that it was
> unchanged after being sent.
>
> -Kevin Burney
>
> _________________________________
>
> Kevin D. Burney
>
> Active Directory Systems Engineer
>
> Enterprise Windows Team
>
> University of California, Berkeley
>
> (510) 827-8476
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
>
> Version: GnuPG v2.0.22 (MingW32)
>
> mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+
>
> LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F
>
> rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+
>
> uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6
>
> JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1
>
> ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8
>
> a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG
>
> FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB
>
> PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr
>
> IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE
>
> FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0
>
> 08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk
>
> rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n
>
> MA==
>
> =yVJr
>
> -----END PGP PUBLIC KEY BLOCK-----
>
> *From:*[hidden email] [mailto:[hidden email]]
> *Sent:* Thursday, April 03, 2014 2:48 PM
> *To:* [hidden email]
> *Subject:* Invitation for Voluntary Disability Survey
>
> University of California Advisory Board
>
> Dear UC Colleagues,
>
> Recent changes to Section 503 of the Rehabilitation Act of 1973, as
> amended (Section 503) at 41 CFR Part 60-741 require UC and other federal
> government contractors to invite employees to voluntarily self-identify
> their disability status effective immediately, and every five years
> thereafter.
>
> Please take a moment to complete this one-question voluntary survey at
> the website shown below. The website is hosted by VR Election Services
> (VRES), the vendor UC has hired to administer the survey. The survey
> form also includes a short list of possible types of disabilities,
> information about why you are being asked about your disability status
> and an explanation of how the survey information will be used.
>
> Taking the survey is easy. Simply write down your PIN number shown
> below; then go to the website at the link below. Enter the month/date of
> your birth and your PIN to answer the survey question.
>
> Your response to this survey is extremely important to UC as it will
> provide information to help assess whether the university is complying
> with its nondiscrimination and affirmative action obligations to recruit
> and employ qualified individuals with disabilities.
>
> For more information about the survey visit UCnet.
> <ucnet.universityofcalifornia.edu/news/2014/03/Disability-survey.html>.
> For more information about Section 503 changes and the survey, visit the
> Department of Labor Office of Federal Contract Compliance Programs
> website. <http://www.dol.gov/ofccp/regs/compliance/section503.htm>
>
>
>
> Personal Identification Number : 7592436
>
>
>
> Link to Disability Survey <https://www.vres.us/webapps/vwr2101.pgm>
> (or paste this URL into your browser: http://www.vres.us/UCDisability.)
>
>
> Sincerely,
>
> Joseph Epperson
> Director Employee Relations
> University of California - Office of the President
>
>
> */_Please do not respond to this e-mail._/*
>
> This e-mail was sent by:
> VR Election Services,
> 3222 Skylane Dr Bldg 100
> Carrollton, TX, 75006.
>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] FW: Invitation for Voluntary Disability Survey

jon kuroda-2
I received the micronet chatter about this before I got my copy of
this survey email-ham.

This still does not inspire my confidence.

I can appreciate the need/utility of using an external service
provider, especially to provide better auditing/anonymity/etc,
but there should be a notice from UCOP via Campus saying "Hey,
we're using an external provider." with a link on UCOP's site.

--Jon

On Thu, Apr 03, 2014 at 03:10:29PM -0700, Bernie Rossi wrote:

> Yes, this is legit.  UCOP gave us warning ahead of time about it being sent.
>
> Bernie
>
> On 4/3/14 3:04 PM, Kevin Burney wrote:
> > Is this legit?
> >
> > 1.It is not from UCOP or UCB.  (Who is this sender
> > [hidden email] <mailto:[hidden email]>?  I
> > have never heard of VR Election Services)
> >
> > 2.The links provided do not reside in UC namespace.  (I thought we
> > promoted not to respond to links in an unsolicited email).
> >
> > 3.Just because it has the UC Seal does not really mean anything as they
> > are publically available.
> >
> > 4.Anyone can look up on the UCOP site what the name of the Director
> > Employee Relations for University of California - Office of the President.
> >
> > In my opinion, this type of message should be a publically signed
> > message to ensure it was from the listed email account and that it was
> > unchanged after being sent.
> >
> > -Kevin Burney
> >
> > _________________________________
> >
> > Kevin D. Burney
> >
> > Active Directory Systems Engineer
> >
> > Enterprise Windows Team
> >
> > University of California, Berkeley
> >
> > (510) 827-8476
> >
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> >
> > Version: GnuPG v2.0.22 (MingW32)
> >
> > mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+
> >
> > LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F
> >
> > rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+
> >
> > uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6
> >
> > JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1
> >
> > ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8
> >
> > a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG
> >
> > FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB
> >
> > PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr
> >
> > IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE
> >
> > FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0
> >
> > 08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk
> >
> > rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n
> >
> > MA==
> >
> > =yVJr
> >
> > -----END PGP PUBLIC KEY BLOCK-----
> >
> > *From:*[hidden email] [mailto:[hidden email]]
> > *Sent:* Thursday, April 03, 2014 2:48 PM
> > *To:* [hidden email]
> > *Subject:* Invitation for Voluntary Disability Survey
> >
> > University of California Advisory Board
> >
> > Dear UC Colleagues,
> >
> > Recent changes to Section 503 of the Rehabilitation Act of 1973, as
> > amended (Section 503) at 41 CFR Part 60-741 require UC and other federal
> > government contractors to invite employees to voluntarily self-identify
> > their disability status effective immediately, and every five years
> > thereafter.
> >
> > Please take a moment to complete this one-question voluntary survey at
> > the website shown below. The website is hosted by VR Election Services
> > (VRES), the vendor UC has hired to administer the survey. The survey
> > form also includes a short list of possible types of disabilities,
> > information about why you are being asked about your disability status
> > and an explanation of how the survey information will be used.
> >
> > Taking the survey is easy. Simply write down your PIN number shown
> > below; then go to the website at the link below. Enter the month/date of
> > your birth and your PIN to answer the survey question.
> >
> > Your response to this survey is extremely important to UC as it will
> > provide information to help assess whether the university is complying
> > with its nondiscrimination and affirmative action obligations to recruit
> > and employ qualified individuals with disabilities.
> >
> > For more information about the survey visit UCnet.
> > <ucnet.universityofcalifornia.edu/news/2014/03/Disability-survey.html>.
> > For more information about Section 503 changes and the survey, visit the
> > Department of Labor Office of Federal Contract Compliance Programs
> > website. <http://www.dol.gov/ofccp/regs/compliance/section503.htm>
> >
> >
> >
> > Personal Identification Number : 7592436
> >
> >
> >
> > Link to Disability Survey <https://www.vres.us/webapps/vwr2101.pgm>
> > (or paste this URL into your browser: http://www.vres.us/UCDisability.)
> >
> >
> > Sincerely,
> >
> > Joseph Epperson
> > Director Employee Relations
> > University of California - Office of the President
> >
> >
> > */_Please do not respond to this e-mail._/*
> >
> > This e-mail was sent by:
> > VR Election Services,
> > 3222 Skylane Dr Bldg 100
> > Carrollton, TX, 75006.
> >
> >
> >
> >
> > -------------------------------------------------------------------------
> > The following was automatically added to this message by the list server:
> >
> > To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
> >
> > http://micronet.berkeley.edu
> >
> > Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
> >
>
>
>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Invitation for Voluntary Disability Survey

Joseph Epperson
In reply to this post by Kevin Burney
University of California Survey Notification

Kevin,

 

Yes.  This is legit.  The announcements went through UCOP Communications networks and Campus Editors.  Additional information is located on the University Website.   

 

 

Thank you.

 

Joe Epperson

Director

Employee Relations

UC Human Resources

University Of California, Office Of The President

1111 Franklin Street, 5th Floor

Oakland, California 94607

Tel: 510 987-0606

Fax: 510 217-4340

 

 

 

From: Kevin Burney [mailto:[hidden email]]
Sent: Thursday, April 03, 2014 3:04 PM
To: [hidden email]
Cc: [hidden email]; Joseph Epperson
Subject: FW: Invitation for Voluntary Disability Survey

 

Is this legit? 

 

1.       It is not from UCOP or UCB.  (Who is this sender [hidden email]?  I have never heard of VR Election Services)

2.       The links provided do not reside in UC namespace.  (I thought we promoted not to respond to links in an unsolicited email).

3.       Just because it has the UC Seal does not really mean anything as they are publically available.

4.       Anyone can look up on the UCOP site what the name of the Director Employee Relations for University of California - Office of the President.

 

In my opinion, this type of message should be a publically signed message to ensure it was from the listed email account and that it was unchanged after being sent.

 

-Kevin Burney

 

_________________________________

Kevin D. Burney

Active Directory Systems Engineer

Enterprise Windows Team

University of California, Berkeley

(510) 827-8476

 

 

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG v2.0.22 (MingW32)

 

mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+

LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F

rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+

uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6

JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1

ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8

a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG

FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB

PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr

IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE

FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0

08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk

rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n

MA==

=yVJr

-----END PGP PUBLIC KEY BLOCK-----

 

 

 

 

From: [hidden email] [[hidden email]]
Sent: Thursday, April 03, 2014 2:48 PM
To: [hidden email]
Subject: Invitation for Voluntary Disability Survey

 

University of California Advisory Board

 

Dear UC Colleagues,

Recent changes to Section 503 of the Rehabilitation Act of 1973, as amended (Section 503) at 41 CFR Part 60-741 require UC and other federal government contractors to invite employees to voluntarily self-identify their disability status effective immediately, and every five years thereafter.

Please take a moment to complete this one-question voluntary survey at the website shown below. The website is hosted by VR Election Services (VRES), the vendor UC has hired to administer the survey. The survey form also includes a short list of possible types of disabilities, information about why you are being asked about your disability status and an explanation of how the survey information will be used.

Taking the survey is easy. Simply write down your PIN number shown below; then go to the website at the link below. Enter the month/date of your birth and your PIN to answer the survey question.

Your response to this survey is extremely important to UC as it will provide information to help assess whether the university is complying with its nondiscrimination and affirmative action obligations to recruit and employ qualified individuals with disabilities.

For more information about the survey visit UCnet.. For more information about Section 503 changes and the survey, visit the Department of Labor Office of Federal Contract Compliance Programs website.

 

 

 

Personal Identification Number : 7592436

Link to Disability Survey
(or paste this URL into your browser: http://www.vres.us/UCDisability.)

 


Sincerely,

Joseph Epperson
Director Employee Relations
University of California - Office of the President


Please do not respond to this e-mail.

This e-mail was sent by:
VR Election Services,
3222 Skylane Dr Bldg 100
Carrollton, TX, 75006.

 


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] FW: Invitation for Voluntary Disability Survey

paul rivers
In reply to this post by jon kuroda-2

I certainly agree. The burden is on our campus, though, to define the
requirements for such mass communications. UCOP has said in email and
verbally they will adhere to any such requirements we assert around mass
emails.

Lisa Ho is leading an effort to analyze the situation and compile
requirements, both of a technical nature and related to content. The
result of this effort will be a campus policy around mass electronic
communications.

If you have ideas on this, or would like to be an active participant,
contact Lisa at [hidden email].

This effort will also help create more succinct guidance for campus on
how to evaluate the authenticity of an email. This is a huge problem
right now, and it goes beyond just mass emails.

As just one additional example, we have numerous campus websites which
proxy CalNet credentials. While I do understand not everything easily
integrates with CAS, a side effect of such widespread proxying is
training campus to potentially hand their credentials over to almost any
website, rather than just https://auth.berkeley.edu/.  We will likely
have to revisit how lax we've been on allowing proxying in the months
ahead.

Regards,
Paul



On 04/03/2014 03:28 PM, jon kuroda wrote:

> I received the micronet chatter about this before I got my copy of
> this survey email-ham.
>
> This still does not inspire my confidence.
>
> I can appreciate the need/utility of using an external service
> provider, especially to provide better auditing/anonymity/etc,
> but there should be a notice from UCOP via Campus saying "Hey,
> we're using an external provider." with a link on UCOP's site.
>
> --Jon
>
> On Thu, Apr 03, 2014 at 03:10:29PM -0700, Bernie Rossi wrote:
>> Yes, this is legit.  UCOP gave us warning ahead of time about it being sent.
>>
>> Bernie
>>
>> On 4/3/14 3:04 PM, Kevin Burney wrote:
>>> Is this legit?
>>>
>>> 1.It is not from UCOP or UCB.  (Who is this sender
>>> [hidden email] <mailto:[hidden email]>?  I
>>> have never heard of VR Election Services)
>>>
>>> 2.The links provided do not reside in UC namespace.  (I thought we
>>> promoted not to respond to links in an unsolicited email).
>>>
>>> 3.Just because it has the UC Seal does not really mean anything as they
>>> are publically available.
>>>
>>> 4.Anyone can look up on the UCOP site what the name of the Director
>>> Employee Relations for University of California - Office of the President.
>>>
>>> In my opinion, this type of message should be a publically signed
>>> message to ensure it was from the listed email account and that it was
>>> unchanged after being sent.
>>>
>>> -Kevin Burney
>>>
>>> _________________________________
>>>
>>> Kevin D. Burney
>>>
>>> Active Directory Systems Engineer
>>>
>>> Enterprise Windows Team
>>>
>>> University of California, Berkeley
>>>
>>> (510) 827-8476
>>>
>>> -----BEGIN PGP PUBLIC KEY BLOCK-----
>>>
>>> Version: GnuPG v2.0.22 (MingW32)
>>>
>>> mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+
>>>
>>> LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F
>>>
>>> rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+
>>>
>>> uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6
>>>
>>> JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1
>>>
>>> ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8
>>>
>>> a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG
>>>
>>> FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB
>>>
>>> PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr
>>>
>>> IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE
>>>
>>> FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0
>>>
>>> 08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk
>>>
>>> rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n
>>>
>>> MA==
>>>
>>> =yVJr
>>>
>>> -----END PGP PUBLIC KEY BLOCK-----
>>>
>>> *From:*[hidden email] [mailto:[hidden email]]
>>> *Sent:* Thursday, April 03, 2014 2:48 PM
>>> *To:* [hidden email]
>>> *Subject:* Invitation for Voluntary Disability Survey
>>>
>>> University of California Advisory Board
>>>
>>> Dear UC Colleagues,
>>>
>>> Recent changes to Section 503 of the Rehabilitation Act of 1973, as
>>> amended (Section 503) at 41 CFR Part 60-741 require UC and other federal
>>> government contractors to invite employees to voluntarily self-identify
>>> their disability status effective immediately, and every five years
>>> thereafter.
>>>
>>> Please take a moment to complete this one-question voluntary survey at
>>> the website shown below. The website is hosted by VR Election Services
>>> (VRES), the vendor UC has hired to administer the survey. The survey
>>> form also includes a short list of possible types of disabilities,
>>> information about why you are being asked about your disability status
>>> and an explanation of how the survey information will be used.
>>>
>>> Taking the survey is easy. Simply write down your PIN number shown
>>> below; then go to the website at the link below. Enter the month/date of
>>> your birth and your PIN to answer the survey question.
>>>
>>> Your response to this survey is extremely important to UC as it will
>>> provide information to help assess whether the university is complying
>>> with its nondiscrimination and affirmative action obligations to recruit
>>> and employ qualified individuals with disabilities.
>>>
>>> For more information about the survey visit UCnet.
>>> <ucnet.universityofcalifornia.edu/news/2014/03/Disability-survey.html>.
>>> For more information about Section 503 changes and the survey, visit the
>>> Department of Labor Office of Federal Contract Compliance Programs
>>> website. <http://www.dol.gov/ofccp/regs/compliance/section503.htm>
>>>
>>>
>>>
>>> Personal Identification Number : 7592436
>>>
>>>
>>>
>>> Link to Disability Survey <https://www.vres.us/webapps/vwr2101.pgm>
>>> (or paste this URL into your browser: http://www.vres.us/UCDisability.)
>>>
>>>
>>> Sincerely,
>>>
>>> Joseph Epperson
>>> Director Employee Relations
>>> University of California - Office of the President
>>>
>>>
>>> */_Please do not respond to this e-mail._/*
>>>
>>> This e-mail was sent by:
>>> VR Election Services,
>>> 3222 Skylane Dr Bldg 100
>>> Carrollton, TX, 75006.
>>>
>>>
>>>
>>>
>>> -------------------------------------------------------------------------
>>> The following was automatically added to this message by the list server:
>>>
>>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>>
>>> http://micronet.berkeley.edu
>>>
>>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>>>
>>
>>
>>  
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Invitation for Voluntary Disability Survey

jon kuroda-2
In reply to this post by Joseph Epperson
Specifically the UCOP website where it is one of three rotating items
on the main page.  I missed it the first time because of that very
feature - it had rotated out to the second item already by the time I
was able to return to pay attention to the page.

For the sight impaired, there is a bit of fancy CSS/HTML that cycles
through three items on graphical browsers but probably gets rendered
as three list items in screen readers - perhaps the first time that
a piece of web content was ever so slightly more accessible to the
sight-impaired.

In any case, this URL really should be *in* the communication itself.

--Jon

On Thu, Apr 03, 2014 at 10:37:50PM +0000, Joseph Epperson wrote:

> Kevin,
>
> Yes.  This is legit.  The announcements went through UCOP Communications networks and Campus Editors.  Additional information is located on the University Website.
>
>
> Thank you.
>
> Joe Epperson
> Director
> Employee Relations
> UC Human Resources
> University Of California, Office Of The President
> 1111 Franklin Street, 5th Floor
> Oakland, California 94607
> Tel: 510 987-0606
> Fax: 510 217-4340
>
>
>
> From: Kevin Burney [mailto:[hidden email]]
> Sent: Thursday, April 03, 2014 3:04 PM
> To: [hidden email]
> Cc: [hidden email]; Joseph Epperson
> Subject: FW: Invitation for Voluntary Disability Survey
>
> Is this legit?
>
>
> 1.       It is not from UCOP or UCB.  (Who is this sender [hidden email]<mailto:[hidden email]>?  I have never heard of VR Election Services)
>
> 2.       The links provided do not reside in UC namespace.  (I thought we promoted not to respond to links in an unsolicited email).
>
> 3.       Just because it has the UC Seal does not really mean anything as they are publically available.
>
> 4.       Anyone can look up on the UCOP site what the name of the Director Employee Relations for University of California - Office of the President.
>
> In my opinion, this type of message should be a publically signed message to ensure it was from the listed email account and that it was unchanged after being sent.
>
> -Kevin Burney
>
> _________________________________
> Kevin D. Burney
> Active Directory Systems Engineer
> Enterprise Windows Team
> University of California, Berkeley
> (510) 827-8476
>
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: GnuPG v2.0.22 (MingW32)
>
> mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+
> LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F
> rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+
> uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6
> JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1
> ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8
> a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG
> FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB
> PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr
> IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE
> FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0
> 08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk
> rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n
> MA==
> =yVJr
> -----END PGP PUBLIC KEY BLOCK-----
>
>
>
>
> From: [hidden email]<mailto:[hidden email]> [mailto:[hidden email]]
> Sent: Thursday, April 03, 2014 2:48 PM
> To: [hidden email]<mailto:[hidden email]>
> Subject: Invitation for Voluntary Disability Survey
>
> [University of California Advisory Board]
>
>
>
> Dear UC Colleagues,
>
> Recent changes to Section 503 of the Rehabilitation Act of 1973, as amended (Section 503) at 41 CFR Part 60-741 require UC and other federal government contractors to invite employees to voluntarily self-identify their disability status effective immediately, and every five years thereafter.
>
> Please take a moment to complete this one-question voluntary survey at the website shown below. The website is hosted by VR Election Services (VRES), the vendor UC has hired to administer the survey. The survey form also includes a short list of possible types of disabilities, information about why you are being asked about your disability status and an explanation of how the survey information will be used.
>
> Taking the survey is easy. Simply write down your PIN number shown below; then go to the website at the link below. Enter the month/date of your birth and your PIN to answer the survey question.
>
> Your response to this survey is extremely important to UC as it will provide information to help assess whether the university is complying with its nondiscrimination and affirmative action obligations to recruit and employ qualified individuals with disabilities.
>
> For more information about the survey visit UCnet.<ucnet.universityofcalifornia.edu/news/2014/03/Disability-survey.html>. For more information about Section 503 changes and the survey, visit the Department of Labor Office of Federal Contract Compliance Programs website.<http://www.dol.gov/ofccp/regs/compliance/section503.htm>
>
>
>
>
>
>
> Personal Identification Number : 7592436
>
> Link to Disability Survey<https://www.vres.us/webapps/vwr2101.pgm>
> (or paste this URL into your browser: http://www.vres.us/UCDisability.)
>
>
>
> Sincerely,
>
> Joseph Epperson
> Director Employee Relations
> University of California - Office of the President
>
>
> Please do not respond to this e-mail.
>
>
> This e-mail was sent by:
> VR Election Services,
> 3222 Skylane Dr Bldg 100
> Carrollton, TX, 75006.
>
>

>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] FW: Invitation for Voluntary Disability Survey

Nils Ohlson
In reply to this post by jon kuroda-2
I really agree with Jon here. The Campus is just asking for some clever hacker to craft a beautifully forged e-mail *apparently from* UCOP and actually from badguys@ru, that gets personal information OR departmental credentials, from a bunch of Berkeley staff, who have been
    SYSTEMATICALLY TRAINED
not to be suspicious of such e-mails!

Do we really want to train people to click away at the links in this sort of 3rd party mailing??

There should be a "rider on a white horse with a red flag galloping ahead of the train" sort of simple e-mail, from ucop.edu or berkeley.edu, saying "you are about to receive a mailing from [name the contractor] regarding [some issue]; this is Officially Blessed by the office of [whoever in berkeley or ucop] and if you have any questions, there's more information at [~ucop.edu or ~berkeley.edu website].

Is that too much to ask? 

IST evidently knew that UCOP was sending this, which is a good first step, but not enough. The cumulative effect of such mass-mailings without a *mandatory* "red-flag" precursor message is to train us to accept plausible mass-mailings as legitimate regardless of source. And that cannot be a good thing.

-Nils



On Thu, Apr 3, 2014 at 3:28 PM, jon kuroda <[hidden email]> wrote:
I received the micronet chatter about this before I got my copy of
this survey email-ham.

This still does not inspire my confidence.

I can appreciate the need/utility of using an external service
provider, especially to provide better auditing/anonymity/etc,
but there should be a notice from UCOP via Campus saying "Hey,
we're using an external provider." with a link on UCOP's site.

--Jon

On Thu, Apr 03, 2014 at 03:10:29PM -0700, Bernie Rossi wrote:
> Yes, this is legit.  UCOP gave us warning ahead of time about it being sent.
>
> Bernie
>
> On 4/3/14 3:04 PM, Kevin Burney wrote:
> > Is this legit?
> >
> > 1.It is not from UCOP or UCB.  (Who is this sender
> > [hidden email] <mailto:[hidden email]>?  I
> > have never heard of VR Election Services)
> >
> > 2.The links provided do not reside in UC namespace.  (I thought we
> > promoted not to respond to links in an unsolicited email).
> >
> > 3.Just because it has the UC Seal does not really mean anything as they
> > are publically available.
> >
> > 4.Anyone can look up on the UCOP site what the name of the Director
> > Employee Relations for University of California - Office of the President.
> >
> > In my opinion, this type of message should be a publically signed
> > message to ensure it was from the listed email account and that it was
> > unchanged after being sent.
> >
> > -Kevin Burney
> >
> > _________________________________
> >
> > Kevin D. Burney
> >
> > Active Directory Systems Engineer
> >
> > Enterprise Windows Team
> >
> > University of California, Berkeley
> >
> > (510) 827-8476
> >
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> >
> > Version: GnuPG v2.0.22 (MingW32)
> >
> > mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+
> >
> > LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F
> >
> > rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+
> >
> > uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6
> >
> > JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1
> >
> > ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8
> >
> > a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG
> >
> > FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB
> >
> > PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr
> >
> > IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE
> >
> > FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0
> >
> > 08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk
> >
> > rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n
> >
> > MA==
> >
> > =yVJr
> >
> > -----END PGP PUBLIC KEY BLOCK-----
> >
> > *From:*[hidden email] [mailto:[hidden email]]
> > *Sent:* Thursday, April 03, 2014 2:48 PM
> > *To:* [hidden email]
> > *Subject:* Invitation for Voluntary Disability Survey
> >
> > University of California Advisory Board
> >
> > Dear UC Colleagues,
> >
> > Recent changes to Section 503 of the Rehabilitation Act of 1973, as
> > amended (Section 503) at 41 CFR Part 60-741 require UC and other federal
> > government contractors to invite employees to voluntarily self-identify
> > their disability status effective immediately, and every five years
> > thereafter.
> >
> > Please take a moment to complete this one-question voluntary survey at
> > the website shown below. The website is hosted by VR Election Services
> > (VRES), the vendor UC has hired to administer the survey. The survey
> > form also includes a short list of possible types of disabilities,
> > information about why you are being asked about your disability status
> > and an explanation of how the survey information will be used.
> >
> > Taking the survey is easy. Simply write down your PIN number shown
> > below; then go to the website at the link below. Enter the month/date of
> > your birth and your PIN to answer the survey question.
> >
> > Your response to this survey is extremely important to UC as it will
> > provide information to help assess whether the university is complying
> > with its nondiscrimination and affirmative action obligations to recruit
> > and employ qualified individuals with disabilities.
> >
> > For more information about the survey visit UCnet.
> > <ucnet.universityofcalifornia.edu/news/2014/03/Disability-survey.html>.
> > For more information about Section 503 changes and the survey, visit the
> > Department of Labor Office of Federal Contract Compliance Programs
> > website. <http://www.dol.gov/ofccp/regs/compliance/section503.htm>
> >
> >
> >
> > Personal Identification Number : 7592436
> >
> >
> >
> > Link to Disability Survey <https://www.vres.us/webapps/vwr2101.pgm>
> > (or paste this URL into your browser: http://www.vres.us/UCDisability.)
> >
> >
> > Sincerely,
> >
> > Joseph Epperson
> > Director Employee Relations
> > University of California - Office of the President
> >
> >
> > */_Please do not respond to this e-mail._/*
> >
> > This e-mail was sent by:
> > VR Election Services,
> > 3222 Skylane Dr Bldg 100
> > Carrollton, TX, 75006.
> >
> >
> >
> >
> > -------------------------------------------------------------------------
> > The following was automatically added to this message by the list server:
> >
> > To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
> >
> > http://micronet.berkeley.edu
> >
> > Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
> >
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] FW: Invitation for Voluntary Disability Survey

Lisa Ho
After the white horse, red flag and rider have cleared the way for the legitimate email request, be prepared for our attentive phishers to send the same email (with critical links changed) to our now more receptive -- and potentially less vigilant -- population.

(Not saying it's a bad idea, and I completely agree with the complaint -- we're looking at all options for policy.)

Lisa

-- 

Lisa Ho
IT Policy Manager
Information Security and Policy
University of California, Berkeley
510.642.2422

On Fri, Apr 4, 2014 at 9:19 AM, Nils Ohlson <[hidden email]> wrote:
I really agree with Jon here. The Campus is just asking for some clever hacker to craft a beautifully forged e-mail *apparently from* UCOP and actually from badguys@ru, that gets personal information OR departmental credentials, from a bunch of Berkeley staff, who have been
    SYSTEMATICALLY TRAINED
not to be suspicious of such e-mails!

Do we really want to train people to click away at the links in this sort of 3rd party mailing??

There should be a "rider on a white horse with a red flag galloping ahead of the train" sort of simple e-mail, from ucop.edu or berkeley.edu, saying "you are about to receive a mailing from [name the contractor] regarding [some issue]; this is Officially Blessed by the office of [whoever in berkeley or ucop] and if you have any questions, there's more information at [~ucop.edu or ~berkeley.edu website].

Is that too much to ask? 

IST evidently knew that UCOP was sending this, which is a good first step, but not enough. The cumulative effect of such mass-mailings without a *mandatory* "red-flag" precursor message is to train us to accept plausible mass-mailings as legitimate regardless of source. And that cannot be a good thing.

-Nils



On Thu, Apr 3, 2014 at 3:28 PM, jon kuroda <[hidden email]> wrote:
I received the micronet chatter about this before I got my copy of
this survey email-ham.

This still does not inspire my confidence.

I can appreciate the need/utility of using an external service
provider, especially to provide better auditing/anonymity/etc,
but there should be a notice from UCOP via Campus saying "Hey,
we're using an external provider." with a link on UCOP's site.

--Jon

On Thu, Apr 03, 2014 at 03:10:29PM -0700, Bernie Rossi wrote:
> Yes, this is legit.  UCOP gave us warning ahead of time about it being sent.
>
> Bernie
>
> On 4/3/14 3:04 PM, Kevin Burney wrote:
> > Is this legit?
> >
> > 1.It is not from UCOP or UCB.  (Who is this sender
> > [hidden email] <mailto:[hidden email]>?  I
> > have never heard of VR Election Services)
> >
> > 2.The links provided do not reside in UC namespace.  (I thought we
> > promoted not to respond to links in an unsolicited email).
> >
> > 3.Just because it has the UC Seal does not really mean anything as they
> > are publically available.
> >
> > 4.Anyone can look up on the UCOP site what the name of the Director
> > Employee Relations for University of California - Office of the President.
> >
> > In my opinion, this type of message should be a publically signed
> > message to ensure it was from the listed email account and that it was
> > unchanged after being sent.
> >
> > -Kevin Burney
> >
> > _________________________________
> >
> > Kevin D. Burney
> >
> > Active Directory Systems Engineer
> >
> > Enterprise Windows Team
> >
> > University of California, Berkeley
> >
> > (510) 827-8476
> >
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> >
> > Version: GnuPG v2.0.22 (MingW32)
> >
> > mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+
> >
> > LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F
> >
> > rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+
> >
> > uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6
> >
> > JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1
> >
> > ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8
> >
> > a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG
> >
> > FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB
> >
> > PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr
> >
> > IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE
> >
> > FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0
> >
> > 08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk
> >
> > rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n
> >
> > MA==
> >
> > =yVJr
> >
> > -----END PGP PUBLIC KEY BLOCK-----
> >
> > *From:*[hidden email] [mailto:[hidden email]]
> > *Sent:* Thursday, April 03, 2014 2:48 PM
> > *To:* [hidden email]
> > *Subject:* Invitation for Voluntary Disability Survey
> >
> > University of California Advisory Board
> >
> > Dear UC Colleagues,
> >
> > Recent changes to Section 503 of the Rehabilitation Act of 1973, as
> > amended (Section 503) at 41 CFR Part 60-741 require UC and other federal
> > government contractors to invite employees to voluntarily self-identify
> > their disability status effective immediately, and every five years
> > thereafter.
> >
> > Please take a moment to complete this one-question voluntary survey at
> > the website shown below. The website is hosted by VR Election Services
> > (VRES), the vendor UC has hired to administer the survey. The survey
> > form also includes a short list of possible types of disabilities,
> > information about why you are being asked about your disability status
> > and an explanation of how the survey information will be used.
> >
> > Taking the survey is easy. Simply write down your PIN number shown
> > below; then go to the website at the link below. Enter the month/date of
> > your birth and your PIN to answer the survey question.
> >
> > Your response to this survey is extremely important to UC as it will
> > provide information to help assess whether the university is complying
> > with its nondiscrimination and affirmative action obligations to recruit
> > and employ qualified individuals with disabilities.
> >
> > For more information about the survey visit UCnet.
> > <ucnet.universityofcalifornia.edu/news/2014/03/Disability-survey.html>.
> > For more information about Section 503 changes and the survey, visit the
> > Department of Labor Office of Federal Contract Compliance Programs
> > website. <http://www.dol.gov/ofccp/regs/compliance/section503.htm>
> >
> >
> >
> > Personal Identification Number : 7592436
> >
> >
> >
> > Link to Disability Survey <https://www.vres.us/webapps/vwr2101.pgm>
> > (or paste this URL into your browser: http://www.vres.us/UCDisability.)
> >
> >
> > Sincerely,
> >
> > Joseph Epperson
> > Director Employee Relations
> > University of California - Office of the President
> >
> >
> > */_Please do not respond to this e-mail._/*
> >
> > This e-mail was sent by:
> > VR Election Services,
> > 3222 Skylane Dr Bldg 100
> > Carrollton, TX, 75006.
> >
> >
> >
> >
> > -------------------------------------------------------------------------
> > The following was automatically added to this message by the list server:
> >
> > To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
> >
> > http://micronet.berkeley.edu
> >
> > Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
> >
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.





 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] FW: Invitation for Voluntary Disability Survey

Nils Ohlson
Lisa,

I thought of that, but there ought to be a way that involves Campus sending an advisory to "go to Blu>my pages>[important mass mailing link]". No links in the e-mail, just directions. How's that?

-Nils


On Fri, Apr 4, 2014 at 12:49 PM, Lisa Ho <[hidden email]> wrote:
After the white horse, red flag and rider have cleared the way for the legitimate email request, be prepared for our attentive phishers to send the same email (with critical links changed) to our now more receptive -- and potentially less vigilant -- population.

(Not saying it's a bad idea, and I completely agree with the complaint -- we're looking at all options for policy.)

Lisa

-- 

Lisa Ho
IT Policy Manager
Information Security and Policy
University of California, Berkeley
510.642.2422

On Fri, Apr 4, 2014 at 9:19 AM, Nils Ohlson <[hidden email]> wrote:
I really agree with Jon here. The Campus is just asking for some clever hacker to craft a beautifully forged e-mail *apparently from* UCOP and actually from badguys@ru, that gets personal information OR departmental credentials, from a bunch of Berkeley staff, who have been
    SYSTEMATICALLY TRAINED
not to be suspicious of such e-mails!

Do we really want to train people to click away at the links in this sort of 3rd party mailing??

There should be a "rider on a white horse with a red flag galloping ahead of the train" sort of simple e-mail, from ucop.edu or berkeley.edu, saying "you are about to receive a mailing from [name the contractor] regarding [some issue]; this is Officially Blessed by the office of [whoever in berkeley or ucop] and if you have any questions, there's more information at [~ucop.edu or ~berkeley.edu website].

Is that too much to ask? 

IST evidently knew that UCOP was sending this, which is a good first step, but not enough. The cumulative effect of such mass-mailings without a *mandatory* "red-flag" precursor message is to train us to accept plausible mass-mailings as legitimate regardless of source. And that cannot be a good thing.

-Nils



On Thu, Apr 3, 2014 at 3:28 PM, jon kuroda <[hidden email]> wrote:
I received the micronet chatter about this before I got my copy of
this survey email-ham.

This still does not inspire my confidence.

I can appreciate the need/utility of using an external service
provider, especially to provide better auditing/anonymity/etc,
but there should be a notice from UCOP via Campus saying "Hey,
we're using an external provider." with a link on UCOP's site.

--Jon

On Thu, Apr 03, 2014 at 03:10:29PM -0700, Bernie Rossi wrote:
> Yes, this is legit.  UCOP gave us warning ahead of time about it being sent.
>
> Bernie
>
> On 4/3/14 3:04 PM, Kevin Burney wrote:
> > Is this legit?
> >
> > 1.It is not from UCOP or UCB.  (Who is this sender
> > [hidden email] <mailto:[hidden email]>?  I
> > have never heard of VR Election Services)
> >
> > 2.The links provided do not reside in UC namespace.  (I thought we
> > promoted not to respond to links in an unsolicited email).
> >
> > 3.Just because it has the UC Seal does not really mean anything as they
> > are publically available.
> >
> > 4.Anyone can look up on the UCOP site what the name of the Director
> > Employee Relations for University of California - Office of the President.
> >
> > In my opinion, this type of message should be a publically signed
> > message to ensure it was from the listed email account and that it was
> > unchanged after being sent.
> >
> > -Kevin Burney
> >
> > _________________________________
> >
> > Kevin D. Burney
> >
> > Active Directory Systems Engineer
> >
> > Enterprise Windows Team
> >
> > University of California, Berkeley
> >
> > (510) 827-8476
> >
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> >
> > Version: GnuPG v2.0.22 (MingW32)
> >
> > mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+
> >
> > LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F
> >
> > rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+
> >
> > uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6
> >
> > JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1
> >
> > ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8
> >
> > a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG
> >
> > FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB
> >
> > PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr
> >
> > IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE
> >
> > FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0
> >
> > 08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk
> >
> > rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n
> >
> > MA==
> >
> > =yVJr
> >
> > -----END PGP PUBLIC KEY BLOCK-----
> >
> > *From:*[hidden email] [mailto:[hidden email]]
> > *Sent:* Thursday, April 03, 2014 2:48 PM
> > *To:* [hidden email]
> > *Subject:* Invitation for Voluntary Disability Survey
> >
> > University of California Advisory Board
> >
> > Dear UC Colleagues,
> >
> > Recent changes to Section 503 of the Rehabilitation Act of 1973, as
> > amended (Section 503) at 41 CFR Part 60-741 require UC and other federal
> > government contractors to invite employees to voluntarily self-identify
> > their disability status effective immediately, and every five years
> > thereafter.
> >
> > Please take a moment to complete this one-question voluntary survey at
> > the website shown below. The website is hosted by VR Election Services
> > (VRES), the vendor UC has hired to administer the survey. The survey
> > form also includes a short list of possible types of disabilities,
> > information about why you are being asked about your disability status
> > and an explanation of how the survey information will be used.
> >
> > Taking the survey is easy. Simply write down your PIN number shown
> > below; then go to the website at the link below. Enter the month/date of
> > your birth and your PIN to answer the survey question.
> >
> > Your response to this survey is extremely important to UC as it will
> > provide information to help assess whether the university is complying
> > with its nondiscrimination and affirmative action obligations to recruit
> > and employ qualified individuals with disabilities.
> >
> > For more information about the survey visit UCnet.
> > <ucnet.universityofcalifornia.edu/news/2014/03/Disability-survey.html>.
> > For more information about Section 503 changes and the survey, visit the
> > Department of Labor Office of Federal Contract Compliance Programs
> > website. <http://www.dol.gov/ofccp/regs/compliance/section503.htm>
> >
> >
> >
> > Personal Identification Number : 7592436
> >
> >
> >
> > Link to Disability Survey <https://www.vres.us/webapps/vwr2101.pgm>
> > (or paste this URL into your browser: http://www.vres.us/UCDisability.)
> >
> >
> > Sincerely,
> >
> > Joseph Epperson
> > Director Employee Relations
> > University of California - Office of the President
> >
> >
> > */_Please do not respond to this e-mail._/*
> >
> > This e-mail was sent by:
> > VR Election Services,
> > 3222 Skylane Dr Bldg 100
> > Carrollton, TX, 75006.
> >
> >
> >
> >
> > -------------------------------------------------------------------------
> > The following was automatically added to this message by the list server:
> >
> > To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
> >
> > http://micronet.berkeley.edu
> >
> > Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
> >
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.






-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] FW: Invitation for Voluntary Disability Survey

John Torres-O'Callaghan
In reply to this post by Lisa Ho
There's also the question of why we need a third-party sending out the main message if we can mass-mail the white-horse/red-flag message internally, but I presume it's useful in cases where we want to keep identities private.  In which case we could do something like this:


Subject: UCOP disability survey

Dear UC Colleagues,

UCOP is running an important survey.  To keep results anonymous, we have partnered with VR Election Services to manage this survey.  You will be receiving an e-mail from [hidden email] with a unique Personal Identification Number that you will need to complete this survey.  Once you receive your PIN, please go to the UCOP website (www dot ucop dot edu) and select the "Disability Survey" link which will take you to the VRES website for the survey.  As a reminder, you should never click links in e-mail.



Subject: UCOP disability survey

Dear UC Colleagues,

As [UC person or department] has told you, VR Election Services is managing the UCOP disability survey.  To guarantee your privacy, we have created a Personal Identification Number which will uniquely identify you without revealing your identity to anyone at UCOP.  To take the survey, please go to the UCOP website (www dot ucop dot edu) and select the "Disability Survey" link.  This will take you to the survey at the VRES website, where you will enter your PIN and take the survey.

Here is your personal identification number:  12345678




-- 
John Torres-O'Callaghan
IS&T Storage and Backup Administrator
University of California, Berkeley
[hidden email]


On Fri, Apr 4, 2014 at 12:49 PM, Lisa Ho <[hidden email]> wrote:
After the white horse, red flag and rider have cleared the way for the legitimate email request, be prepared for our attentive phishers to send the same email (with critical links changed) to our now more receptive -- and potentially less vigilant -- population.

(Not saying it's a bad idea, and I completely agree with the complaint -- we're looking at all options for policy.)

Lisa

-- 

Lisa Ho
IT Policy Manager
Information Security and Policy
University of California, Berkeley
510.642.2422

On Fri, Apr 4, 2014 at 9:19 AM, Nils Ohlson <[hidden email]> wrote:
I really agree with Jon here. The Campus is just asking for some clever hacker to craft a beautifully forged e-mail *apparently from* UCOP and actually from badguys@ru, that gets personal information OR departmental credentials, from a bunch of Berkeley staff, who have been
    SYSTEMATICALLY TRAINED
not to be suspicious of such e-mails!

Do we really want to train people to click away at the links in this sort of 3rd party mailing??

There should be a "rider on a white horse with a red flag galloping ahead of the train" sort of simple e-mail, from ucop.edu or berkeley.edu, saying "you are about to receive a mailing from [name the contractor] regarding [some issue]; this is Officially Blessed by the office of [whoever in berkeley or ucop] and if you have any questions, there's more information at [~ucop.edu or ~berkeley.edu website].

Is that too much to ask? 

IST evidently knew that UCOP was sending this, which is a good first step, but not enough. The cumulative effect of such mass-mailings without a *mandatory* "red-flag" precursor message is to train us to accept plausible mass-mailings as legitimate regardless of source. And that cannot be a good thing.

-Nils



On Thu, Apr 3, 2014 at 3:28 PM, jon kuroda <[hidden email]> wrote:
I received the micronet chatter about this before I got my copy of
this survey email-ham.

This still does not inspire my confidence.

I can appreciate the need/utility of using an external service
provider, especially to provide better auditing/anonymity/etc,
but there should be a notice from UCOP via Campus saying "Hey,
we're using an external provider." with a link on UCOP's site.

--Jon

On Thu, Apr 03, 2014 at 03:10:29PM -0700, Bernie Rossi wrote:
> Yes, this is legit.  UCOP gave us warning ahead of time about it being sent.
>
> Bernie
>
> On 4/3/14 3:04 PM, Kevin Burney wrote:
> > Is this legit?
> >
> > 1.It is not from UCOP or UCB.  (Who is this sender
> > [hidden email] <mailto:[hidden email]>?  I
> > have never heard of VR Election Services)
> >
> > 2.The links provided do not reside in UC namespace.  (I thought we
> > promoted not to respond to links in an unsolicited email).
> >
> > 3.Just because it has the UC Seal does not really mean anything as they
> > are publically available.
> >
> > 4.Anyone can look up on the UCOP site what the name of the Director
> > Employee Relations for University of California - Office of the President.
> >
> > In my opinion, this type of message should be a publically signed
> > message to ensure it was from the listed email account and that it was
> > unchanged after being sent.
> >
> > -Kevin Burney
> >
> > _________________________________
> >
> > Kevin D. Burney
> >
> > Active Directory Systems Engineer
> >
> > Enterprise Windows Team
> >
> > University of California, Berkeley
> >
> > (510) 827-8476
> >
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> >
> > Version: GnuPG v2.0.22 (MingW32)
> >
> > mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+
> >
> > LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F
> >
> > rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+
> >
> > uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6
> >
> > JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1
> >
> > ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8
> >
> > a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG
> >
> > FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB
> >
> > PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr
> >
> > IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE
> >
> > FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0
> >
> > 08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk
> >
> > rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n
> >
> > MA==
> >
> > =yVJr
> >
> > -----END PGP PUBLIC KEY BLOCK-----
> >
> > *From:*[hidden email] [mailto:[hidden email]]
> > *Sent:* Thursday, April 03, 2014 2:48 PM
> > *To:* [hidden email]
> > *Subject:* Invitation for Voluntary Disability Survey
> >
> > University of California Advisory Board
> >
> > Dear UC Colleagues,
> >
> > Recent changes to Section 503 of the Rehabilitation Act of 1973, as
> > amended (Section 503) at 41 CFR Part 60-741 require UC and other federal
> > government contractors to invite employees to voluntarily self-identify
> > their disability status effective immediately, and every five years
> > thereafter.
> >
> > Please take a moment to complete this one-question voluntary survey at
> > the website shown below. The website is hosted by VR Election Services
> > (VRES), the vendor UC has hired to administer the survey. The survey
> > form also includes a short list of possible types of disabilities,
> > information about why you are being asked about your disability status
> > and an explanation of how the survey information will be used.
> >
> > Taking the survey is easy. Simply write down your PIN number shown
> > below; then go to the website at the link below. Enter the month/date of
> > your birth and your PIN to answer the survey question.
> >
> > Your response to this survey is extremely important to UC as it will
> > provide information to help assess whether the university is complying
> > with its nondiscrimination and affirmative action obligations to recruit
> > and employ qualified individuals with disabilities.
> >
> > For more information about the survey visit UCnet.
> > <ucnet.universityofcalifornia.edu/news/2014/03/Disability-survey.html>.
> > For more information about Section 503 changes and the survey, visit the
> > Department of Labor Office of Federal Contract Compliance Programs
> > website. <http://www.dol.gov/ofccp/regs/compliance/section503.htm>
> >
> >
> >
> > Personal Identification Number : 7592436
> >
> >
> >
> > Link to Disability Survey <https://www.vres.us/webapps/vwr2101.pgm>
> > (or paste this URL into your browser: http://www.vres.us/UCDisability.)
> >
> >
> > Sincerely,
> >
> > Joseph Epperson
> > Director Employee Relations
> > University of California - Office of the President
> >
> >
> > */_Please do not respond to this e-mail._/*
> >
> > This e-mail was sent by:
> > VR Election Services,
> > 3222 Skylane Dr Bldg 100
> > Carrollton, TX, 75006.
> >
> >
> >
> >
> > -------------------------------------------------------------------------
> > The following was automatically added to this message by the list server:
> >
> > To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
> >
> > http://micronet.berkeley.edu
> >
> > Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
> >
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.






-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] FW: Invitation for Voluntary Disability Survey

Richard DeShong-2
Well, you don't actually need the email from the external vendor.  A berkeley.edu email account could be created specifically for the survey, along with the ucop web page.  And the vendor could be given the keys to use it.  Then the email would be coming from a berkeley.edu account, and the email would ask you to go to a ucop webpage.


On Fri, Apr 4, 2014 at 1:29 PM, John Torres-O'Callaghan <[hidden email]> wrote:
There's also the question of why we need a third-party sending out the main message if we can mass-mail the white-horse/red-flag message internally, but I presume it's useful in cases where we want to keep identities private.  In which case we could do something like this:


Subject: UCOP disability survey

Dear UC Colleagues,

UCOP is running an important survey.  To keep results anonymous, we have partnered with VR Election Services to manage this survey.  You will be receiving an e-mail from [hidden email] with a unique Personal Identification Number that you will need to complete this survey.  Once you receive your PIN, please go to the UCOP website (www dot ucop dot edu) and select the "Disability Survey" link which will take you to the VRES website for the survey.  As a reminder, you should never click links in e-mail.



Subject: UCOP disability survey

Dear UC Colleagues,

As [UC person or department] has told you, VR Election Services is managing the UCOP disability survey.  To guarantee your privacy, we have created a Personal Identification Number which will uniquely identify you without revealing your identity to anyone at UCOP.  To take the survey, please go to the UCOP website (www dot ucop dot edu) and select the "Disability Survey" link.  This will take you to the survey at the VRES website, where you will enter your PIN and take the survey.

Here is your personal identification number:  12345678




-- 
John Torres-O'Callaghan
IS&T Storage and Backup Administrator
University of California, Berkeley
[hidden email]


On Fri, Apr 4, 2014 at 12:49 PM, Lisa Ho <[hidden email]> wrote:
After the white horse, red flag and rider have cleared the way for the legitimate email request, be prepared for our attentive phishers to send the same email (with critical links changed) to our now more receptive -- and potentially less vigilant -- population.

(Not saying it's a bad idea, and I completely agree with the complaint -- we're looking at all options for policy.)

Lisa

-- 

Lisa Ho
IT Policy Manager
Information Security and Policy
University of California, Berkeley
510.642.2422

On Fri, Apr 4, 2014 at 9:19 AM, Nils Ohlson <[hidden email]> wrote:
I really agree with Jon here. The Campus is just asking for some clever hacker to craft a beautifully forged e-mail *apparently from* UCOP and actually from badguys@ru, that gets personal information OR departmental credentials, from a bunch of Berkeley staff, who have been
    SYSTEMATICALLY TRAINED
not to be suspicious of such e-mails!

Do we really want to train people to click away at the links in this sort of 3rd party mailing??

There should be a "rider on a white horse with a red flag galloping ahead of the train" sort of simple e-mail, from ucop.edu or berkeley.edu, saying "you are about to receive a mailing from [name the contractor] regarding [some issue]; this is Officially Blessed by the office of [whoever in berkeley or ucop] and if you have any questions, there's more information at [~ucop.edu or ~berkeley.edu website].

Is that too much to ask? 

IST evidently knew that UCOP was sending this, which is a good first step, but not enough. The cumulative effect of such mass-mailings without a *mandatory* "red-flag" precursor message is to train us to accept plausible mass-mailings as legitimate regardless of source. And that cannot be a good thing.

-Nils



On Thu, Apr 3, 2014 at 3:28 PM, jon kuroda <[hidden email]> wrote:
I received the micronet chatter about this before I got my copy of
this survey email-ham.

This still does not inspire my confidence.

I can appreciate the need/utility of using an external service
provider, especially to provide better auditing/anonymity/etc,
but there should be a notice from UCOP via Campus saying "Hey,
we're using an external provider." with a link on UCOP's site.

--Jon

On Thu, Apr 03, 2014 at 03:10:29PM -0700, Bernie Rossi wrote:
> Yes, this is legit.  UCOP gave us warning ahead of time about it being sent.
>
> Bernie
>
> On 4/3/14 3:04 PM, Kevin Burney wrote:
> > Is this legit?
> >
> > 1.It is not from UCOP or UCB.  (Who is this sender
> > [hidden email] <mailto:[hidden email]>?  I
> > have never heard of VR Election Services)
> >
> > 2.The links provided do not reside in UC namespace.  (I thought we
> > promoted not to respond to links in an unsolicited email).
> >
> > 3.Just because it has the UC Seal does not really mean anything as they
> > are publically available.
> >
> > 4.Anyone can look up on the UCOP site what the name of the Director
> > Employee Relations for University of California - Office of the President.
> >
> > In my opinion, this type of message should be a publically signed
> > message to ensure it was from the listed email account and that it was
> > unchanged after being sent.
> >
> > -Kevin Burney
> >
> > _________________________________
> >
> > Kevin D. Burney
> >
> > Active Directory Systems Engineer
> >
> > Enterprise Windows Team
> >
> > University of California, Berkeley
> >
> > (510) 827-8476
> >
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> >
> > Version: GnuPG v2.0.22 (MingW32)
> >
> > mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+
> >
> > LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F
> >
> > rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+
> >
> > uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6
> >
> > JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1
> >
> > ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8
> >
> > a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG
> >
> > FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB
> >
> > PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr
> >
> > IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE
> >
> > FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0
> >
> > 08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk
> >
> > rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n
> >
> > MA==
> >
> > =yVJr
> >
> > -----END PGP PUBLIC KEY BLOCK-----
> >
> > *From:*[hidden email] [mailto:[hidden email]]
> > *Sent:* Thursday, April 03, 2014 2:48 PM
> > *To:* [hidden email]
> > *Subject:* Invitation for Voluntary Disability Survey
> >
> > University of California Advisory Board
> >
> > Dear UC Colleagues,
> >
> > Recent changes to Section 503 of the Rehabilitation Act of 1973, as
> > amended (Section 503) at 41 CFR Part 60-741 require UC and other federal
> > government contractors to invite employees to voluntarily self-identify
> > their disability status effective immediately, and every five years
> > thereafter.
> >
> > Please take a moment to complete this one-question voluntary survey at
> > the website shown below. The website is hosted by VR Election Services
> > (VRES), the vendor UC has hired to administer the survey. The survey
> > form also includes a short list of possible types of disabilities,
> > information about why you are being asked about your disability status
> > and an explanation of how the survey information will be used.
> >
> > Taking the survey is easy. Simply write down your PIN number shown
> > below; then go to the website at the link below. Enter the month/date of
> > your birth and your PIN to answer the survey question.
> >
> > Your response to this survey is extremely important to UC as it will
> > provide information to help assess whether the university is complying
> > with its nondiscrimination and affirmative action obligations to recruit
> > and employ qualified individuals with disabilities.
> >
> > For more information about the survey visit UCnet.
> > <ucnet.universityofcalifornia.edu/news/2014/03/Disability-survey.html>.
> > For more information about Section 503 changes and the survey, visit the
> > Department of Labor Office of Federal Contract Compliance Programs
> > website. <http://www.dol.gov/ofccp/regs/compliance/section503.htm>
> >
> >
> >
> > Personal Identification Number : 7592436
> >
> >
> >
> > Link to Disability Survey <https://www.vres.us/webapps/vwr2101.pgm>
> > (or paste this URL into your browser: http://www.vres.us/UCDisability.)
> >
> >
> > Sincerely,
> >
> > Joseph Epperson
> > Director Employee Relations
> > University of California - Office of the President
> >
> >
> > */_Please do not respond to this e-mail._/*
> >
> > This e-mail was sent by:
> > VR Election Services,
> > 3222 Skylane Dr Bldg 100
> > Carrollton, TX, 75006.
> >
> >
> >
> >
> > -------------------------------------------------------------------------
> > The following was automatically added to this message by the list server:
> >
> > To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
> >
> > http://micronet.berkeley.edu
> >
> > Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
> >
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.






-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




--
Richard DeShong, Systems Analyst, Athletic Study Center, U.C.Berkeley
164 Chavez Student Center, Berkeley, CA, 94720-4220
510-642-5123     asc.berkeley.edu

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] FW: Invitation for Voluntary Disability Survey

Kevin Burney
In reply to this post by Lisa Ho

Signing email with a publicly recognized certificate authority will help to prove the authenticity of the message received.  Below is an address where free email certificates can be acquired.  We may be able to get the certificates from InCommon in our namespace as part of our subscription.  Additionally there needs to be a campus out-reach to help to educate the population how the verify email and their certificates are valid.

 

http://www.comodo.com/home/email-security/free-email-certificate.php

 

-Kevin

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Lisa Ho
Sent: Friday, April 04, 2014 12:50 PM
To: Micronet List
Subject: Re: [Micronet] FW: Invitation for Voluntary Disability Survey

 

After the white horse, red flag and rider have cleared the way for the legitimate email request, be prepared for our attentive phishers to send the same email (with critical links changed) to our now more receptive -- and potentially less vigilant -- population.

 

(Not saying it's a bad idea, and I completely agree with the complaint -- we're looking at all options for policy.)

 

Lisa


-- 

 

Lisa Ho

IT Policy Manager

Information Security and Policy

University of California, Berkeley

510.642.2422

 

On Fri, Apr 4, 2014 at 9:19 AM, Nils Ohlson <[hidden email]> wrote:

I really agree with Jon here. The Campus is just asking for some clever hacker to craft a beautifully forged e-mail *apparently from* UCOP and actually from badguys@ru, that gets personal information OR departmental credentials, from a bunch of Berkeley staff, who have been

    SYSTEMATICALLY TRAINED

not to be suspicious of such e-mails!

 

Do we really want to train people to click away at the links in this sort of 3rd party mailing??

 

There should be a "rider on a white horse with a red flag galloping ahead of the train" sort of simple e-mail, from ucop.edu or berkeley.edu, saying "you are about to receive a mailing from [name the contractor] regarding [some issue]; this is Officially Blessed by the office of [whoever in berkeley or ucop] and if you have any questions, there's more information at [~ucop.edu or ~berkeley.edu website].

 

Is that too much to ask? 

 

IST evidently knew that UCOP was sending this, which is a good first step, but not enough. The cumulative effect of such mass-mailings without a *mandatory* "red-flag" precursor message is to train us to accept plausible mass-mailings as legitimate regardless of source. And that cannot be a good thing.

 

-Nils

 

 

On Thu, Apr 3, 2014 at 3:28 PM, jon kuroda <[hidden email]> wrote:

I received the micronet chatter about this before I got my copy of
this survey email-ham.

This still does not inspire my confidence.

I can appreciate the need/utility of using an external service
provider, especially to provide better auditing/anonymity/etc,
but there should be a notice from UCOP via Campus saying "Hey,
we're using an external provider." with a link on UCOP's site.

--Jon

On Thu, Apr 03, 2014 at 03:10:29PM -0700, Bernie Rossi wrote:


> Yes, this is legit.  UCOP gave us warning ahead of time about it being sent.
>
> Bernie
>
> On 4/3/14 3:04 PM, Kevin Burney wrote:
> > Is this legit?
> >
> > 1.It is not from UCOP or UCB.  (Who is this sender
> > [hidden email] <mailto:[hidden email]>?  I
> > have never heard of VR Election Services)
> >
> > 2.The links provided do not reside in UC namespace.  (I thought we
> > promoted not to respond to links in an unsolicited email).
> >
> > 3.Just because it has the UC Seal does not really mean anything as they
> > are publically available.
> >
> > 4.Anyone can look up on the UCOP site what the name of the Director
> > Employee Relations for University of California - Office of the President.
> >
> > In my opinion, this type of message should be a publically signed
> > message to ensure it was from the listed email account and that it was
> > unchanged after being sent.
> >
> > -Kevin Burney
> >
> > _________________________________
> >
> > Kevin D. Burney
> >
> > Active Directory Systems Engineer
> >
> > Enterprise Windows Team
> >
> > University of California, Berkeley
> >
> > (510) 827-8476
> >
> > -----BEGIN PGP PUBLIC KEY BLOCK-----
> >
> > Version: GnuPG v2.0.22 (MingW32)
> >
> > mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+
> >
> > LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F
> >
> > rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+
> >
> > uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6
> >
> > JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1
> >
> > ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8
> >
> > a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG
> >
> > FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB
> >
> > PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr
> >
> > IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE
> >
> > FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0
> >
> > 08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk
> >
> > rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n
> >
> > MA==
> >
> > =yVJr
> >
> > -----END PGP PUBLIC KEY BLOCK-----
> >
> > *From:*[hidden email] [mailto:[hidden email]]
> > *Sent:* Thursday, April 03, 2014 2:48 PM
> > *To:* [hidden email]
> > *Subject:* Invitation for Voluntary Disability Survey
> >
> > University of California Advisory Board
> >
> > Dear UC Colleagues,
> >
> > Recent changes to Section 503 of the Rehabilitation Act of 1973, as
> > amended (Section 503) at 41 CFR Part 60-741 require UC and other federal
> > government contractors to invite employees to voluntarily self-identify
> > their disability status effective immediately, and every five years
> > thereafter.
> >
> > Please take a moment to complete this one-question voluntary survey at
> > the website shown below. The website is hosted by VR Election Services
> > (VRES), the vendor UC has hired to administer the survey. The survey
> > form also includes a short list of possible types of disabilities,
> > information about why you are being asked about your disability status
> > and an explanation of how the survey information will be used.
> >
> > Taking the survey is easy. Simply write down your PIN number shown
> > below; then go to the website at the link below. Enter the month/date of
> > your birth and your PIN to answer the survey question.
> >
> > Your response to this survey is extremely important to UC as it will
> > provide information to help assess whether the university is complying
> > with its nondiscrimination and affirmative action obligations to recruit
> > and employ qualified individuals with disabilities.
> >
> > For more information about the survey visit UCnet.
> > <ucnet.universityofcalifornia.edu/news/2014/03/Disability-survey.html>.
> > For more information about Section 503 changes and the survey, visit the
> > Department of Labor Office of Federal Contract Compliance Programs
> > website. <http://www.dol.gov/ofccp/regs/compliance/section503.htm>
> >
> >
> >
> > Personal Identification Number : 7592436
> >
> >
> >
> > Link to Disability Survey <https://www.vres.us/webapps/vwr2101.pgm>
> > (or paste this URL into your browser: http://www.vres.us/UCDisability.)
> >
> >
> > Sincerely,
> >
> > Joseph Epperson
> > Director Employee Relations
> > University of California - Office of the President
> >
> >
> > */_Please do not respond to this e-mail._/*
> >
> > This e-mail was sent by:
> > VR Election Services,
> > 3222 Skylane Dr Bldg 100
> > Carrollton, TX, 75006.
> >
> >
> >
> >
> > -------------------------------------------------------------------------
> > The following was automatically added to this message by the list server:
> >
> > To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
> >
> > http://micronet.berkeley.edu
> >
> > Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
> >
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



 

--

Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



 


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

smime.p7s (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] FW: Invitation for Voluntary Disability Survey

jon kuroda-2
In reply to this post by Lisa Ho
I should be able to - without clicking on a single link from any e-mail -
go to https://ucop.edu/ on my own and quickly and reliably find confirming
information about such a message.  Better yet if the necessary link to
the external service provider can be found via a UC/Campus controlled site
such as https://calmessages.berkeley.edu/.

Let me know when the phishers have managed to compromise https://ucop.edu/
to put up false-flag links to back up their carefully constructed phishing
e-mails.

Now, I'm going to jump up to a 30,000 foot view for a bit here.

The goal is to be able to have campus/system-wide communications like
these such that the target audience of recipients can easily determine
on their own that the message is legitimate and trustworthy.

There are many ways to do this, many of which can be used together.
I'm not going to quibble much anymore about those particulars when
the larger problem is this and previous messages are taking us in
exactly the opposite direction.

When we want to go north to the land of trustworthy communications,
messages like this instead try to take us due south to the republic
of blindly click through warnings and blindly trust e-mails sent from
unknown sources.

We need to be going north.  Due North? NNW? NNE?  It doesn't really
matter too much when we're instead dealing with directions trying to
take us in the exact opposite direction.

--Jon

On Fri, Apr 04, 2014 at 12:49:35PM -0700, Lisa Ho wrote:

> After the white horse, red flag and rider have cleared the way for the
> legitimate email request, be prepared for our attentive phishers to send
> the same email (with critical links changed) to our now more receptive --
> and potentially less vigilant -- population.
>
> (Not saying it's a bad idea, and I completely agree with the complaint --
> we're looking at all options for policy.)
>
> Lisa
>
> --
>
> Lisa Ho
> IT Policy Manager
> Information Security and Policy
> University of California, Berkeley
> 510.642.2422
> [hidden email]
>
> On Fri, Apr 4, 2014 at 9:19 AM, Nils Ohlson <[hidden email]> wrote:
>
> > I really agree with Jon here. The Campus is just *asking* for some clever
> > hacker to craft a beautifully forged e-mail *apparently from* UCOP and
> > actually from badguys@ru, that gets personal information OR departmental
> > credentials, from a bunch of Berkeley staff, who have been
> >     SYSTEMATICALLY TRAINED
> > not to be suspicious of such e-mails!
> >
> > Do we really want to train people to click away at the links in this sort
> > of 3rd party mailing??
> >
> > There should be a "rider on a white horse with a red flag galloping ahead
> > of the train" sort of simple e-mail, from ucop.edu or berkeley.edu,
> > saying "you are about to receive a mailing from [name the contractor]
> > regarding [some issue]; this is Officially Blessed by the office of
> > [whoever in berkeley or ucop] and if you have any questions, there's more
> > information at [~ucop.edu or ~berkeley.edu website].
> >
> > Is that too much to ask?
> >
> > IST evidently knew that UCOP was sending this, which is a good first step,
> > but not enough. The cumulative effect of such mass-mailings without a
> > *mandatory* "red-flag" precursor message is to train us to accept plausible
> > mass-mailings as legitimate regardless of source. And that cannot be a good
> > thing.
> >
> > -Nils
> >
> >
> >
> > On Thu, Apr 3, 2014 at 3:28 PM, jon kuroda <[hidden email]>wrote:
> >
> >> I received the micronet chatter about this before I got my copy of
> >> this survey email-ham.
> >>
> >> This still does not inspire my confidence.
> >>
> >> I can appreciate the need/utility of using an external service
> >> provider, especially to provide better auditing/anonymity/etc,
> >> but there should be a notice from UCOP via Campus saying "Hey,
> >> we're using an external provider." with a link on UCOP's site.
> >>
> >> --Jon
> >>
> >> On Thu, Apr 03, 2014 at 03:10:29PM -0700, Bernie Rossi wrote:
> >> > Yes, this is legit.  UCOP gave us warning ahead of time about it being
> >> sent.
> >> >
> >> > Bernie
> >> >
> >> > On 4/3/14 3:04 PM, Kevin Burney wrote:
> >> > > Is this legit?
> >> > >
> >> > > 1.It is not from UCOP or UCB.  (Who is this sender
> >> > > [hidden email] <mailto:[hidden email]>?
> >>  I
> >> > > have never heard of VR Election Services)
> >> > >
> >> > > 2.The links provided do not reside in UC namespace.  (I thought we
> >> > > promoted not to respond to links in an unsolicited email).
> >> > >
> >> > > 3.Just because it has the UC Seal does not really mean anything as
> >> they
> >> > > are publically available.
> >> > >
> >> > > 4.Anyone can look up on the UCOP site what the name of the Director
> >> > > Employee Relations for University of California - Office of the
> >> President.
> >> > >
> >> > > In my opinion, this type of message should be a publically signed
> >> > > message to ensure it was from the listed email account and that it was
> >> > > unchanged after being sent.
> >> > >
> >> > > -Kevin Burney
> >> > >
> >> > > _________________________________
> >> > >
> >> > > Kevin D. Burney
> >> > >
> >> > > Active Directory Systems Engineer
> >> > >
> >> > > Enterprise Windows Team
> >> > >
> >> > > University of California, Berkeley
> >> > >
> >> > > (510) 827-8476
> >> > >
> >> > > -----BEGIN PGP PUBLIC KEY BLOCK-----
> >> > >
> >> > > Version: GnuPG v2.0.22 (MingW32)
> >> > >
> >> > > mQENBFM7Ay0BCADQUgqP26YUwy370moW+6+mOhe0W5kB6r2OivF1qyCwsJ/l459+
> >> > >
> >> > > LnHiTIJV3tWYBRlwcyKMP3xcdRiJuWTPWunxBkkkScRJefGRzpF9ZuJnJ8M5pi4F
> >> > >
> >> > > rOu7liUoEtUXv/wDoLYRTAGXD3/LSe0vu9pSPfRGzbxOw/AmX4SSbBWIWiwrtvM+
> >> > >
> >> > > uMGiYEJFrujI9GWJFZ/yUkeccIXWnosyc2/pP+JTz+WKsu335mVmbXeD6982GwH6
> >> > >
> >> > > JxqH0B78CuCPIvYCSaDmgeTwMtPysy6b240YMD9RNDDK1USUuJ3CrNoAIuTXv5b1
> >> > >
> >> > > ytzQTX+2piCk2y8QyTcMH1Ba0VHBg+0E73QDABEBAAG0I0tldmluIEJ1cm5leSA8
> >> > >
> >> > > a2J1cm5leUBiZXJrZWxleS5lZHU+iQE5BBMBAgAjBQJTOwMtAhsPBwsJCAcDAgEG
> >> > >
> >> > > FQgCCQoLBBYCAwECHgECF4AACgkQ1MCrpCUbvGrEfAf/eSsCTRbVIuNSlTYbKISB
> >> > >
> >> > > PYLPw6KeXNndqFsFO2x3t/chqsKQQBAcCBETFrMednlwirTrh43CPC82D4Q6fUZr
> >> > >
> >> > > IrP8iydtYRrsvsLRbJLd/23prVKjPzVcLW1ZdvaUmoGvQhhtv5Mk3AiTrAvGJjoE
> >> > >
> >> > > FxU/ErAW0uvJjTmoUM7CSBa/BkUJwx0KpduZa3F84jy51bEZvbnh+GjY2bTjGgl0
> >> > >
> >> > > 08dNOpMLa5+a5X3QjgrZvjgeOTO07CMbqcvGf0wmm9c3c8yhkSLj+fd0HRkVMBqk
> >> > >
> >> > > rYkri5Mxd4NOEVgZGFO56GiGwBOt+4Mhu6CyfYSngzDJioiNFAJvPt4dKoY0rM9n
> >> > >
> >> > > MA==
> >> > >
> >> > > =yVJr
> >> > >
> >> > > -----END PGP PUBLIC KEY BLOCK-----
> >> > >
> >> > > *From:*[hidden email] [mailto:
> >> [hidden email]]
> >> > > *Sent:* Thursday, April 03, 2014 2:48 PM
> >> > > *To:* [hidden email]
> >> > > *Subject:* Invitation for Voluntary Disability Survey
> >> > >
> >> > > University of California Advisory Board
> >> > >
> >> > > Dear UC Colleagues,
> >> > >
> >> > > Recent changes to Section 503 of the Rehabilitation Act of 1973, as
> >> > > amended (Section 503) at 41 CFR Part 60-741 require UC and other
> >> federal
> >> > > government contractors to invite employees to voluntarily
> >> self-identify
> >> > > their disability status effective immediately, and every five years
> >> > > thereafter.
> >> > >
> >> > > Please take a moment to complete this one-question voluntary survey at
> >> > > the website shown below. The website is hosted by VR Election Services
> >> > > (VRES), the vendor UC has hired to administer the survey. The survey
> >> > > form also includes a short list of possible types of disabilities,
> >> > > information about why you are being asked about your disability status
> >> > > and an explanation of how the survey information will be used.
> >> > >
> >> > > Taking the survey is easy. Simply write down your PIN number shown
> >> > > below; then go to the website at the link below. Enter the month/date
> >> of
> >> > > your birth and your PIN to answer the survey question.
> >> > >
> >> > > Your response to this survey is extremely important to UC as it will
> >> > > provide information to help assess whether the university is complying
> >> > > with its nondiscrimination and affirmative action obligations to
> >> recruit
> >> > > and employ qualified individuals with disabilities.
> >> > >
> >> > > For more information about the survey visit UCnet.
> >> > > <ucnet.universityofcalifornia.edu/news/2014/03/Disability-survey.html
> >> >.
> >> > > For more information about Section 503 changes and the survey, visit
> >> the
> >> > > Department of Labor Office of Federal Contract Compliance Programs
> >> > > website. <http://www.dol.gov/ofccp/regs/compliance/section503.htm>
> >> > >
> >> > >
> >> > >
> >> > > Personal Identification Number : 7592436
> >> > >
> >> > >
> >> > >
> >> > > Link to Disability Survey <https://www.vres.us/webapps/vwr2101.pgm>
> >> > > (or paste this URL into your browser: http://www.vres.us/UCDisability
> >> .)
> >> > >
> >> > >
> >> > > Sincerely,
> >> > >
> >> > > Joseph Epperson
> >> > > Director Employee Relations
> >> > > University of California - Office of the President
> >> > >
> >> > >
> >> > > */_Please do not respond to this e-mail._/*
> >> > >
> >> > > This e-mail was sent by:
> >> > > VR Election Services,
> >> > > 3222 Skylane Dr Bldg 100
> >> > > Carrollton, TX, 75006.
> >> > >
> >> > >
> >> > >
> >> > >
> >> > >
> >> -------------------------------------------------------------------------
> >> > > The following was automatically added to this message by the list
> >> server:
> >> > >
> >> > > To learn more about Micronet, including how to subscribe to or
> >> unsubscribe from its mailing list and how to find out about upcoming
> >> meetings, please visit the Micronet Web site:
> >> > >
> >> > > http://micronet.berkeley.edu
> >> > >
> >> > > Messages you send to this mailing list are public and world-viewable,
> >> and the list's archives can be browsed and searched on the Internet.  This
> >> means these messages can be viewed by (among others) your bosses,
> >> prospective employers, and people who have known you in the past.
> >> > >
> >> >
> >> >
> >> >
> >> >
> >> -------------------------------------------------------------------------
> >> > The following was automatically added to this message by the list
> >> server:
> >> >
> >> > To learn more about Micronet, including how to subscribe to or
> >> unsubscribe from its mailing list and how to find out about upcoming
> >> meetings, please visit the Micronet Web site:
> >> >
> >> > http://micronet.berkeley.edu
> >> >
> >> > Messages you send to this mailing list are public and world-viewable,
> >> and the list's archives can be browsed and searched on the Internet.  This
> >> means these messages can be viewed by (among others) your bosses,
> >> prospective employers, and people who have known you in the past.
> >>
> >>
> >> -------------------------------------------------------------------------
> >> The following was automatically added to this message by the list server:
> >>
> >> To learn more about Micronet, including how to subscribe to or
> >> unsubscribe from its mailing list and how to find out about upcoming
> >> meetings, please visit the Micronet Web site:
> >>
> >> http://micronet.berkeley.edu
> >>
> >> Messages you send to this mailing list are public and world-viewable, and
> >> the list's archives can be browsed and searched on the Internet.  This
> >> means these messages can be viewed by (among others) your bosses,
> >> prospective employers, and people who have known you in the past.
> >>
> >
> >
> >
> > --
> > Nils Ohlson
> > Administrative Analyst
> > U.C. Berkeley College of Chemistry
> > Business Office
> > 410 Latimer Hall #1460
> > Berkeley, CA 94720-1460
> >
> > (510) 642-1325 phone
> > (510) 642-4313 fax
> >
> > [hidden email]
> >
> >
> >
> > -------------------------------------------------------------------------
> > The following was automatically added to this message by the list server:
> >
> > To learn more about Micronet, including how to subscribe to or unsubscribe
> > from its mailing list and how to find out about upcoming meetings, please
> > visit the Micronet Web site:
> >
> > http://micronet.berkeley.edu
> >
> > Messages you send to this mailing list are public and world-viewable, and
> > the list's archives can be browsed and searched on the Internet.  This
> > means these messages can be viewed by (among others) your bosses,
> > prospective employers, and people who have known you in the past.
> >
> >

>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.