US Employee Outsources Job To China To Spend Working Hours Surfing The Web

US Employee Outsources Job To China To Spend Working Hours Surfing The WebA security check on a US company has reportedly revealed one of its staff was outsourcing his work to China. The software developer, in his 40s, is thought to have spent his workdays surfing the , watching cat videos on YouTube and browsing Reddit and eBay. He reportedly paid just a fifth of his six-figure salary to a company based in Shenyang to do his job.

‘Anomalous activity’

Operator Verizon says the scam came to light after the US firm asked it for an audit, suspecting a security breach. According to Andrew Valentine, of Verizon, the infrastructure company requested the operator’s risk team last year to investigate some anomalous activity on its virtual private network (VPN) logs.


‘Average nine-to-five work day’

The company had discovered the existence of an open and active VPN connection from Shenyang to the employee’s workstation that went back months, Mr Valentine said. And it had then called on Verizon to look into what it had suspected had been malware used to route confidential information from the company to China. Further investigation of the employee’s computer had revealed hundreds of PDF documents of invoices from the Shenyang contractor, he added.

“Authentication was no problem. He physically FedExed his RSA [security] token to China so that the third-party contractor could log-in under his credentials during the workday. It would appear that he was working an average nine-to-five work day,” he added.

The employee no longer worked at the firm, Mr Valentine said.

Well, what can you say about this employee’s outsourcing “scam”? Dumb or ingenuous? Would you resort to the same move to make your workload lighter?

Source: BBC News

Image: TNT Magazine

Half a Million Mac Computers Infected With Trojan

More than half a million Apple computers have been infected with the Flashback Trojan, according to a Russian anti-virus firm. Its  claims that about 600,000 Macs have installed the malware – potentially allowing them to be hijacked and used as a “botnet”.

The firm, Dr Web, says that more than half that number are based in the US. Apple has released a security update, but users who have not installed the patch remain exposed. Flashback was first detected last September when anti-virus researchers flagged up software masquerading itself as a Flash Player update. Once downloaded it deactivated some of the computer’s security software. Later versions of the malware exploited weaknesses in the Java programming language to allow the code to be installed from bogus sites without the user’s permission.


Dr Web said that once the Trojan was installed it sent a message to the intruder’s control server with a unique ID to identify the infected machine. Dr Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California – home to Apple’s headquarters.

Java’s developer, Oracle, issued a fix to the vulnerability on 14 February, but this did not work on Macintoshes as Apple manages Java updates to its computers. Apple released its own “security update” on Wednesday – more than eight weeks later. It can be triggered by clicking on the software update icon in the computer’s system preferences panel.

Although Apple’s system software limits the actions its computers can take without requesting their users’ permission, some security analysts suggest this latest incident highlights the fact that the machines are not invulnerable. Apple could not provide a statement at this time.

Source: BBC News

Image: Slate