Pages

Thursday, October 17, 2024

Gone Missing

A promised Annual Report on online education at UC seems to have gone missing:

October 1, 2024

YVETTE GULLATT, VICE PRESIDENT & VICE PROVOST

GRADUATE, UNDERGRADUATE AND EQUITY AFFAIRS

Re: Request for UC Online Annual Report

Dear Vice President Gullatt,

At its September 2024 meeting, the Academic Council endorsed the attached letter* from the University Committee on Educational Policy (UCEP) requesting an annual report from UC Online on its systemwide course offerings. This request reflects the Senate’s ongoing interest in the success of UC Online, as well as a desire for greater transparency regarding enrollment trends, student demographics, and academic outcomes. As UC Online continues to grow, it is important that the unit be equipped with the means to provide a clear and comprehensive overview of its impact on student access to courses, students’ performance, and overall program effectiveness.

UCEP has identified several key areas that should be addressed in the annual report, including:

1) The number of students who applied for, enrolled in, and completed UC Online courses over the past academic year.

2) Demographic breakdowns for these students, including transfer, firstgeneration, underrepresented, and other historically under-served groups.

3) A list of all UC Online courses offered, including course names, sponsoring campus, numbers, units, and enrollment/completion data, along with average final grades.

4) A report from the UC Online Advisory Council outlining its membership, meeting dates, and key decisions made.

The Academic Council believes such data as outlined above will provide valuable insights into UC Online that can help inform strategic planning and resource allocations. These data will also enable the Senate to better understand the program’s role in advancing the University’s educational mission and addressing student equity gaps.

We would appreciate a response confirming whether this request for an annual report will be accommodated, and if so, a timeline for when we can expect the report. If there are any concerns or reasons that the request cannot be met, we kindly ask that you communicate this to the Senate so we can determine next steps.

Please feel free to contact me if you have any questions.

Sincerely,

Steven W. Cheung, Chair, Academic Council

Cc: Academic Council, UCEP, Executive Director Moe, Senate Division Executive Directors, Senate Executive Director Lin

===

*The letter above and the attached letter to which reference is made are at https://senate.universityofcalifornia.edu/_files/reports/ac-yg-request-uconline-annual-report-10-1-24.pdf. Excerpt from the attached letter:

...UC Online’s new executive director, appointed in May 2023, met with UCEP for the first time in December 2023. The executive director reviewed the seven recommendations delineated in the July memo and stated that the program is committed to ensuring data is appropriately collected, secured, and analyzed. The committee was informed that UC Online would begin producing an annual report and the executive director anticipated that the first report would be available to share with UCEP later this academic year (expected by Spring 2024). When the executive director joined UCEP on May 20th, 2024 the committee was informed that the annual report would not be available until the fall...

Nominations

To: Academic Senate Faculty, Administrative Officers, Deans, Department Chairs, Directors, Vice Chancellors and Vice Provosts

Dear Colleagues:

This is a call for nominations for UCLA’s 2024–2025 Dickson Emeritus Professorship Award and the Carole E. Goldberg Emeriti Service Award and an explanation of nominating procedures for both awards.

The Dickson Emeritus Professorship Award

The Dickson Award was created by a gift endowment from the late Edward A. Dickson, a Regent of the University of California from 1913 to 1946. The award honors outstanding research, scholarly work, teaching and/or educational service (e.g. service in professional, University, Academic Senate, emeriti, departmental or editorial posts or committees) performed by an emeritus/emerita professor since retirement. Each of the UC campuses has received funds that will support one or more awards each year.

The Carole E. Goldberg Emeriti Service Award

The Goldberg Award was created in 2014 to recognize extraordinary service by an emeritus/emerita professor to the academic enterprise after retirement. The award honors outstanding service in professional, University, Academic Senate, emeriti, departmental or editorial posts or committees performed at UCLA by an emeritus/emerita professor since retirement.

Nominating Procedures for Both Awards

Departments are limited to one nomination each year for each award. Department chairs or their designees are asked to submit nominations. Individuals also may nominate colleagues for these awards, but must coordinate with the department chair to submit nominations.

For both awards, nominations must include a cover letter, a copy of the nominee’s curriculum vitae and two supporting letters from leaders in the field commenting specifically on the nominee’s achievements since retirement.

• Dickson Award — nominators should concentrate on and highlight the nominee’s distinctive research, scholarly work and/or educational service since retirement.

• Goldberg Award — nominators should concentrate on and highlight the nominee’s distinguished service to UCLA since retirement.

Nominations are due by Monday, February 10, 2025. Please submit your nominations online via the Emeriti Awards Nomination Portal: https://www.surveymonkey.com/r/dicksongoldberg25

The awardee(s) will be announced on or before Monday, April 21, 2025. The awards, consisting of cash prizes and certificates, will be presented in the spring by the UCLA Emeriti Association.

If you have any questions regarding eligibility or the nomination procedure, please contact Emeriti Association President, Professor Emeritus Fernando Torres-Gil, Torres@luskin.ucla.edu.

Sincerely,

Kathleen L. Komar, Interim Vice Provost for Academic Affairs & Personnel

Michael S. Levine, Interim Executive Vice Chancellor and Provost, and Chair, UCLA Emeriti Association Award Selection Committee

Source: Email circulation.

Wednesday, October 16, 2024

Compartmentalized

Apparently, different sports at UCLA are to get different sources of NIL funds. From the LA Times

UCLA’s football team is making a massive midseason change as part of a reboot of the athletic department’s name, image and likeness endeavors. Bruins for Life, a new NIL arm established to focus solely on football, will join Champion of Westwood and Men of Westwood as one of the school’s NIL branches. “This structure gives us more clarity and makes it easier for people that want to support our student-athletes to do it,” UCLA athletic director Martin Jarmond told The Times. “You really need a more singular, specialized focus when it comes to raising money for football and men’s and women’s basketball.”

As part of the reorganization, Champion of Westwood will support women’s basketball and the Olympic sports while Men of Westwood will support men’s basketball...

Full story at https://www.latimes.com/sports/ucla/story/2024-10-15/ucla-bruins-for-life-nil-fundraising-reboot.

Avoiding Gmail Fraud

The moral of the story below is that if you receive a call purporting to be from Google or Gmail, hang up, no matter how genuine or persuasive it appears to be. And if you get some kind of email notification, it's probably phony.

Many in the UCLA community have a Gmail account apart from their official UCLA (...ucla.edu) account. They may use Gmail for personal matters or forward their UCLA account to Gmail.

New Gmail Security Alert For 2.5 Billion Users As AI Hack Confirmed

Davey Winder, Oct 13, 2024, Forbes

Update, Oct. 13, 2024: This story, originally published Oct. 11, includes details of a new Google anti-scam alliance initiative, a new warning about legitimate-looking support scams and details of Google’s Advanced Protection Program to protect high-risk accounts. 

Google has implemented increasingly sophisticated protections against those who would compromise your Gmail account—but hackers using AI-driven attacks are also evolving. According to Google’s own figures, there are currently more than 2.5 billion users of the Gmail service. No wonder, then, that it is such a target for hackers and scammers. Here’s what you need to know.

The Latest AI-Driven Gmail Attack Is Scary Good

Sam Mitrovic, a Microsoft solutions consultant, has issued a warning after almost falling victim to what is described as a “super realistic AI scam call” capable of tricking even the most experienced of users. It all started a week before Mitrovic realized the sophistication of the attack that was targeting him. “I received a notification to approve a Gmail account recovery attempt,” Mitrovic recounts in a blog post warning other Gmail users of the threat in question. The need to confirm an account recovery, or a password reset, is a notorious phishing attack methodology intended to drive the user to a fake login portal where they need to enter their credentials to report the request as not initiated by them.

Unsurprisingly, then, Mitrovic wasn’t falling for this and ignored the notification that appeared to originate from the U.S. and a missed phone call, pertaining to be from Google in Sydney, Australia, some 40 minutes later. So far, so relatively straightforward and easy to avoid. Then, almost exactly a week later, the fun started in earnest—another notification request for account recovery approval followed by a telephone call 40 minutes later. This time, Mitrovic didn’t miss the call and instead picked up: an American voice, claiming to be from Google support, confirmed that there was suspicious activity on the Gmail account.

“He asks if I’m traveling,” Mitrovic said, “when I said no, he asks if I logged in from Germany, to which I reply no.” All of this to engender trust in the caller and fear in the recipient. This is when things turned dark fast and really rather clever in the overall scheme of phishing things. The so-called Google support person informed Mitrovic that an attacker had accessed his Gmail account for the past 7 days, and had already downloaded account data. This rang alarm bells as Mitrovic recalled the recovery notification and missed call from a week earlier.

Googling the phone number he was being called from while speaking, Mitrovic discovered that it did, indeed, lead to Google business pages. This alone is a clever tactic likely to fool plenty of unsuspecting users caught up in the panic of the moment, as it wasn’t a Google support number but rather about getting calls from Google Assistant. “At the start of the call, you'll hear the reason for the call and that the call is from Google. You can expect the call to come from an automated system or, in some cases, a manual operator,” the 100% genuine page helpfully informs the reader.

Garry Tan, the founder of venture capital firm and startup accelerator Y Combinator, has taken to X, formerly known as Twitter, to issue a warning about another phishing scam that he described as being “pretty elaborate” which also leverages AI so as to present itself as believable. Once again, as with the scam that almost fooled Sam Mitrovic, a security consultant remember, this latest warning concerns contact from a so-called Google support technician. I wouldn’t go as far as one commenter on X who suggested the giveaway was that Google doesn’t have any support for users, but it’s not that too far from the truth when it comes to these scams: Google support will not contact you out of the blue like this. “Do not click yes on this dialog,” Tan warned, “you will be phished.”

In the case of the scam that targeted Tan, the supposed Google support person claimed that the company had received a death certificate and a family member was attempting to recover his account. The caller, in other words, and only AI could be this stupid, was checking that the person answering was alive. “It's a pretty elaborate ploy to get you to allow password recovery,” Tan went on to warn, but spotted that the account recovery screen he was presented with had a device field that displayed the name of a Google support worker rather than an actual device used to access the account. Tan suggested that whoever designed the interface for recovery should be employing some pretty basic regular expression checks, or even AI-based fraud detection, on the text field in question. “It's trivial to check the device name for this,” he concluded. Part of the scam involved getting Tan to re-add his cellphone number as part of the verification process to trigger an account recovery dialog. Tan was, however, wise to this: “I’ve been SIM swapped, so know not to have my cell on my accounts ever,” Tan explained.

Using Google Forms To Make Contact Appear Legitimate

Fraudsters have also been seen abusing Google Forms, a free online tool that is part of Google Workspace, to create legitimate looking documents sent as part of support scams. By sending a copy of the form to the target address, using the response receipt option of Google Forms, the document is sent via genuine Google servers which adds legitimacy to the scam. Checking the email will show it as being from workspacesupport@google.com for example, which acts to lower any red flags the recipient might have had. One such scam used such a form to mimic an account recovery password reset form, telling the target they would get a SMS notification from a named support agent and giving them the number to check. This double-legitimacy method is enough to fool plenty of people, lots of the time. In this case, the slip-up, and only then if the person on the receiving end was savvy enough to realize, was a confusingly complex and overlong password reset process.

Lessons To Be Learned From These Google Support Hack Near Misses

Mitrovic did the right thing, or at least the next best thing to hanging up, and asked the supposed support guy to send an email confirmation—an email which arrived soon after, from a Google domain and looking for all intents and purposes genuine. At this point he noticed the to field contained a cleverly disguised address that wasn’t actually a Google domain but could, once again, easily fool those not of a technical bent.

The real giveaway for Mitrovic, however, was when the caller said hello and after no response said hello again. “At this point I released it as an AI voice as the pronunciation and spacing were too perfect,” Mitrovic said.

It’s well worth reading the original blog from Mitrovic as it contains much more technical detail and detective work that I don’t have the space to cover in this report. Knowledge is everything, and the threat intelligence provided by this consultant is genuinely invaluable for anyone who might find themselves in a similar situation: forearmed is forewarned. It’s almost a certainty that the attacker would have continued to a point where the so-called recovery process would be initiated, in truth this would be a cloned login portal capturing user credentials and likely the use of some kind of session cookie stealing malware to bypass two-factor authentication if that was in place...

Staying Safe From The Most Advanced Of Gmail Scams

AI deepfakes are not just used for porn and politics, they are used to perpetrate seemingly straightforward account takeovers such as in this case. Stay calm if you are approached by someone claiming to be from Google support, they won’t phone you so there’s a massive red flag right away, and no harm will come to you if you hang up. Use the tools at your disposal, ironically Google search itself and your Gmail account, to make checks during the call if you are concerned its could be genuine and ignoring it could cause harm. Search for the phone number, see where it’s really coming from. Check your Gmail activity to see what, if any, devices other than your own have been using the account. Take note of what Google says about staying safe from attackers using Gmail phishing scams. Most importantly, never let yourself be rushed into making a knee-jerk reaction, no matter how much urgency is injected into a conversation. It’s that sense of urgency that the attackers rely upon to swerve your normal good judgement and click a link or give up credentials...

Source: https://www.forbes.com/sites/daveywinder/2024/10/13/new-gmail-security-alert-for-billions-as-7-day-ai-hack-confirmed/.

Tuesday, October 15, 2024

Cash for Quarter 1 of the Fiscal Year

The state controller reports cash receipts ran over the estimate made back when the budget was being cooked to the tune of $4.1 billion or almost 11% above the projection. Much came from corporate and personal income tax receipts. And the state is sitting on unused borrowable resouces of $97 billion which is a lot of cash. 

That's the good news. The bad news, if it is that, is that the state seems to be giving less cash to UC than anticipated. The anticipated payment to UC for the first quarter of the fiscal year was projected to be about $1.2 billion. The state has in fact distributed $702 million UC. Maybe some of the gap is the $25 million withheld by the legislature pending a plan by UC to deal with protests. Presumably, however, that withholding would have been incorporated into the projection and, in any case, it doesn't come close to explaining the gap. Given the amount of cash the state has, it seems unlikely to be the result of illiquidity.

That's all I know.

We keep on asking the obvious question...


Monday, October 14, 2024

The latest fraud

I've seen phony text messages purporting to be from the IRS, the Postal Service, various banks, UPS, and others. The one above is new. The email address shown does not exist but if you click on it, it will take you to where you don't want to be. If you get such messages and you think it might be legit, don't respond to whatever email address or phone number is given. Instead, look up the real email or phone and use that contact.