US Employee Outsources Job To China To Spend Working Hours Surfing The Web

A security check on a US company has reportedly revealed one of its staff was outsourcing his work to China. The software developer, in his 40s, is thought to have spent his workdays surfing the web, watching cat videos on YouTube and browsing Reddit and eBay. He reportedly paid just a fifth of his six-figure salary to a company based in Shenyang to do his job.

‘Anomalous activity’

Operator Verizon says the scam came to light after the US firm asked it for an audit, suspecting a security breach. According to Andrew Valentine, of Verizon, the infrastructure company asked the operator’s risk team last year to investigate some anomalous activity in its virtual private network (VPN) logs.


‘Average nine-to-five work day’

The company had discovered an open and active VPN connection from Shenyang to the employee’s workstation that went back months, Mr Valentine said. It then called on Verizon to look into what it suspected was malware being used to route confidential information from the company to China. Further investigation of the employee’s computer revealed hundreds of PDF invoices from the Shenyang contractor, he added.

“Authentication was no problem. He physically FedExed his RSA [security] token to China so that the third-party contractor could log-in under his credentials during the workday. It would appear that he was working an average nine-to-five work day,” he added.

The employee no longer worked at the firm, Mr Valentine said.

Well, what can you say about this employee’s outsourcing “scam”? Dumb or ingenious? Would you resort to the same move to make your workload lighter?

Source: BBC News

Image: TNT Magazine

Why You Shouldn’t Use ‘Password1’ as Business System Password

The number one way hackers get into protected systems isn’t through a fancy technical exploit. It’s by guessing the password. That’s not too hard when the most common password used on business systems is “Password1.”

There’s a technical reason for Password1’s popularity: It’s got an upper-case letter, a number and nine characters. That satisfies the complexity rules for many systems, including the default settings for Microsoft’s widely used Active Directory identity management software. Security services firm Trustwave spotlighted the “Password1” problem in its recently released “2012 Global Security Report,” which summarizes the firm’s findings from nearly 2 million network vulnerability scans and 300 recent security breach investigations.

Around 5% of passwords involve a variation of the word “password,” the company’s researchers found. The runner-up, “welcome,” turns up in more than 1%. Easily guessable or entirely blank passwords were the most common vulnerability Trustwave’s SpiderLabs unit found in its penetration tests last year on clients’ systems.


Exploiting weak or guessable passwords was the top method attackers used to gain access last year. It played a role in 29% of the security breaches Verizon’s response team investigated.

But attackers are increasingly using brute-force tools that simply cycle through all possible character combinations. Length is the only effective guard against those. A seven-character password has 70 trillion possible combinations; an eight-character password takes that to more than 6 quadrillion.
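
The gap described above, as an added example that is not from the article or from Trustwave: a complexity-only rule accepts "Password1", while the same rule combined with a deny-list of common base words rejects it, and the keyspace figures are reproduced for comparison. The thresholds, the substitution table, the sample passwords and the 95-character alphabet are assumptions.

```python
import re

# Assumed policy of the kind the article describes: minimum length plus
# character classes. Thresholds are illustrative, not any product's code.
MIN_LENGTH, REQUIRED_CLASSES = 8, 3
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

# The two base words the article names; a production deny-list is far longer.
COMMON_BASES = ("password", "welcome")

# Assumed table of common character substitutions to undo before matching.
SUBSTITUTIONS = str.maketrans("01345@$!", "oleasasi")


def passes_complexity(pw: str) -> bool:
    """Complexity-only check: length and number of character classes."""
    classes = sum(bool(re.search(p, pw)) for p in CLASS_PATTERNS)
    return len(pw) >= MIN_LENGTH and classes >= REQUIRED_CLASSES


def common_base(pw: str):
    """Return the deny-listed word the password is built on, or None."""
    lowered = pw.lower()
    # Compare twice: with non-letters dropped, and with substitutions undone.
    candidates = (
        re.sub(r"[^a-z]", "", lowered),
        re.sub(r"[^a-z]", "", lowered.translate(SUBSTITUTIONS)),
    )
    for base in COMMON_BASES:
        if any(base in c for c in candidates):
            return base
    return None


def accept(pw: str) -> bool:
    """Hardened check: complexity rule plus the common-base deny-list."""
    return passes_complexity(pw) and common_base(pw) is None


def keyspace(length: int, alphabet: int = 95) -> int:
    """Candidates an exhaustive search covers; 95 printable ASCII assumed."""
    return alphabet ** length


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real data set.
    for pw in ("Password1", "P@ssw0rd!", "Welcome2012", "Tr4vel-Lantern-Orbit"):
        print(f"{pw!r}: complexity={passes_complexity(pw)} "
              f"base={common_base(pw)} accept={accept(pw)}")
    print(f"7 chars: {keyspace(7):,}  8 chars: {keyspace(8):,}")
```

With a 95-character alphabet each added character multiplies the search space by 95, which is the step from roughly 70 trillion to more than 6 quadrillion quoted above.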

Source: CNN

Image: The Kitchen Cabinet