Technology at Berkeley Site Navigation:
Breadcrumb Trail:
Home > Chief Information Officer

Local Navigation:

Chief Information Officer (CIO)

April 10, 2014

A widely reported critical security flaw, called ”Heartbleed“ has been discovered that affects not only some campus systems, but also many information systems worldwide. One possible consequence of this flaw is that attackers can easily steal personal information and see sensitive information and even passwords used on vulnerable websites and systems.

Impact on UC Berkeley IT Systems

Campus information security is actively identifying potentially vulnerable systems, and monitoring for attempts to exploit the flaw. IT staff on campus have been asked to review their systems and apply available patches.

Our CalNet login site and email system did not have this vulnerability. However, other campus systems, and other systems you may use outside of campus in your professional or personal life, may be at risk.

Recommended Precautions

We are asking you to please take the following voluntary precautions.

  1. Change your CalNet passphrase to a phrase you have not used before and do not use anywhere else. As a reminder, do not blindly follow links asking you to reset your CalNet passphrase.
  2. Change critical passwords for any campus, professional or personal accounts of importance.
  3. Change your CalNet passphrase and other passwords again in another two weeks. Some websites and Internet services have already fixed this vulnerability, and for other sites, it will take longer. A second round of changes is recommended, by which time we hope this issue has been widely addressed around the world.

Beware of Suspicious Email and Phishing Attempts

In addition to the above precautions, we are asking you to be aware of the following:

  1. Not sure if it’s a Phish? We are confident scammers will attempt to send emails to our campus, asking you to visit links to change your password in response to this or similar IT emergencies. We encourage you to be skeptical and check if in doubt. You may always send email to consult@berkeley.edu if you are unsure whether an email is legitimate.
  2. Do not share your CalNet passphrase with anyone. No person should ask you to reveal your CalNet credentials, via email, in-person or on the phone. Any such request is not a legitimate request and may be refused.

The campus information security team can provide more in-depth presentations about this vulnerability, phishing scams, or other security topics to campus departments, units or other peer organizations. We encourage departmental administrators and other interested individuals and groups to send an email to security@berkeley.edu or visit https://security.berkeley.edu/phishing for more information.


A member of the Chancellor's Cabinet, the AVC-IT/CIO leads the campuswide IT planning effort, chairs the Campus Technology Council (CTC), and sponsors the following campuswide IT committees:

The AVC-IT/CIO's campuswide role is supported by the Office of the CIO (OCIO), which provides the following CIO Services:

The AVC-IT/CIO represents UC Berkeley in the following organizations:

The AVC-IT/CIO oversees the campus's central IT service organization Information Services and Technology (IST).

Contact information:

Larry Conrad
Associate Vice Chancellor – IS&T and Chief Information Officer
larry_conrad@berkeley.edu
Lyle Nevels
Assistant Vice Chancellor – IS&T and Deputy Chief Information Officer
lnevels@berkeley.edu
University of California, Berkeley
Earl Warren Hall
2195 Hearst Ave Suite 200A # 4878
Berkeley, CA 94720-4878
510-643-4090
510-643-5385 fax

 

UC Berkeley Campuswide Technology Service Providers
Site Map Contact Webmaster