From: Al Stangenberger (forags_at_nature.berkeley.edu)
Date: Wed Aug 27 2003 - 16:03:49 PDT
A related question - do the campus sure-pay statements still have employees'
full SSN's listed? It seems like a risk if they are lost/stolen.
(I get mine from UCRS now, and they have the numbers partially blocked.)
-Al Stangenberger
At 03:28 PM 8/27/03 -0700, Philip Loarie wrote:
>It's pretty scary when computer managers like you George
>are not given a satisfactory answers.
>
>I think it's time we pressure Blu to clean it up. What Dean, Provost,
>or head person is the right person to present our complaints?
>
>my 2 cents.
>-Phil
>
>"George C. Kaplan" wrote:
> >
> > In message <3F4CFD7F.D9A92A70_at_eecs.berkeley.edu>, "Alexander Brown" writes:
> > > When you log into blu with your calnet credentials, you then have the
> > > option to change where your paycheck is direct deposited. There is no
> > > additional opt-in; if you have a calnet ID, you are set up to be able to
> > > do this. Additionally, there is no way to opt out. Anyone who steals
> > > your calnet credentials can therefore also redirect your paycheck to the
> > > account of their choice.
> >
> > Not only can you change your direct deposit options, but if you do have
> > it set up, blu will display your full bank account number. (Ironic; my
> > *bank* doesn't even display the full account number on their web site).
> > So even if an intruder doesn't change your direct deposit, he could do
> > all sorts of mischief using your bank account number and SSN.
> >
> > I raised this with the Blu staff when the portal first went live, and
> > never received a satisfactory answer, beyond bland assurances of
> > "enterprise level security" and "strong language in the Blu Terms of
> > Use".
> >
> > --
> > George C. Kaplan gckaplan_at_ack.berkeley.edu
> > Communication & Network Services 510-643-0496
> > University of California at Berkeley
> >
> > -------------------------------------
> > Sent via the ucb-security mailing list.
>
>--
>Phil Loarie *(works with two UC organizations)
>Computer User Support Group / EECS
>Digital Library Project / ERL
>-------------------------------------
>Sent via the ucb-security mailing list.
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2.1.5 : Wed Aug 27 2003 - 16:09:26 PDT