Connect with us

Biz & IT

Shareholder suit alleges Google covered up its sexual harassment problems with big payouts

Published

on

Months after an earth-shattering New York Times investigation exposed Google parent company Alphabet’s $90 million payout to Android co-founder Andy Rubin, despite the accusations of sexual misconduct made against him, a Google shareholder is suing the company.

James Martin filed suit in the San Mateo Superior Court Thursday morning, alleging the company’s leaders deployed massive allowances to poor-behaving executives to cover up harassment scandals. Both Rubin and Google’s former head of search Amit Singhal, who peacefully left the company in 2016 amid harassment allegations that weren’t made public until the following year, are listed as defendants in the court filing. This is because the plaintiff is seeking a full return of the massive payouts awarded to the embattled former execs.

With charges including breach of fiduciary duty, unjust enrichment, abuse of power and corporate waste, per The Washington Post, the lawsuit asks for an end of nondisclosure and arbitration agreements at Google, which ensure workplace disputes are settled behind closed doors and without any right to an appeal. Martin is also requesting Google incorporate three new directors to the Alphabet board and put an end to supervoting shares, which gives certain shareholders more voting control.

The lawsuit also targets Rubin, Google co-founders Larry Page and Sergey Brin, chief executive officer Sundar Pichai and executive chairman Eric Schmidt. Former human resources director Laszlo Bock, chief legal officer David Drummond and former executive Amit Singhal are also named, as are long-time venture capitalists and Google board members John Doerr and Ram Shriram.

Google didn’t immediately respond to a request for comment.

Following the release of the NYT report, Googlers across the world rallied to protest the company’s handling of sexual misconduct allegations. The protestors had five key asks, including an end to forced arbitration in cases of harassment and discrimination, a commitment to end pay and opportunity inequity and a clear, uniform, globally inclusive process for reporting sexual misconduct safely and anonymously. Google ultimately complied with employees and put an end to forced arbitration; other tech companies, such as Airbnb, followed suit.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

Ars Technicast special edition, part 1: The Internet of Things goes to war

Published

on

Enlarge / This adorable robot is one data point in the connected battlespace—the web of sensors that links together all the elements in a modern engagement.

Leon Neal / Getty Images

Welcome to a special edition of the Ars Technicast! Ars has partnered with Northrop Grumman to produce a two-part series looking at the evolution of connectivity on the modern battlefield—how the growing ubiquity of sensors and instrumentation at all levels of the military is changing the way we think about fighting. You can listen to part one right here. (A transcript of the podcast will be available a few hours after this story goes live.)

We all know what the Internet of Things is, even though that’s always been kind of a nonsensical name—it’s the idea that adding smarts and sensors to formerly “dumb” devices like refrigerators and washing machines and coffee makers creates an overlapping interconnected network of physical devices. The central concept is linking together physical objects by some kind of data stream, and as it turns out, the military has been going down a similar road of increased connectivity for many years.

But mo’ connectivity, as they say, means mo’ problems, and there have been many past efforts to try to get to about where we are today (some highly publicized). All have encountered issues that run the gamut from the physical to the logistical.

However, there’s reason to believe that this time around, things will be different. For one thing, we’re in the middle of a genuine revolution in machine learning and the ability to algorithmically sort massive amounts of data at scale—the kind of scale that you might encounter when dealing with a military theater containing thousands of troops and potentially hundreds of thousands (or even millions) of individual sensors.

To talk about the military IoT and the connected battlespace, we sat down for a chat with Scott Stapp, the newly minted Chief Technology Officer of Northrop Grumman. (No, not that Scott Stapp.) As a former brigadier general and Department of Defense staffer, Scott has been in a position to watch the development of the military IoT concept, and is uniquely positioned to discuss the future of connected warfighting.

If this topic interests you, then make sure to check back next week for part two of the series, where we focus in on the role of open systems in connecting together all the different moving pieces required to make the connected battlespace function. You can also get more episodes of the Ars Technicast here:

Continue Reading

Biz & IT

Security firm Malwarebytes was infected by same hackers who hit SolarWinds

Published

on

Security firm Malwarebytes said it was breached by the same nation-state-sponsored hackers who compromised a dozen or more US government agencies and private companies.

The attackers are best known for first hacking into Austin, Texas-based SolarWinds, compromising its software-distribution system, and using it to infect the networks of customers who used SolarWinds’ network management software. In an online notice, however, Malwarebytes said the attackers used a different vector.

“While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor,” the notice stated. “We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments.”

Investigators have determined the attacker gained access to a limited subset of internal company emails. So far, the investigators have found no evidence of unauthorized access or compromise in any Malwarebytes production environments.

The notice isn’t the first time investigators have said the SolarWinds software supply chain attack wasn’t the sole means of infection.

When the mass compromise came to light last month, Microsoft said the hackers also stole signing certificates that allowed them to impersonate any of a target’s existing users and accounts through the Security Assertion Markup Language. Typically abbreviated as SAML, the XML-based language provides a way for identity providers to exchange authentication and authorization data with service providers.

Twelve days ago, the Cybersecurity & Infrastructure Security Agency, said the attackers may have obtained initial access by using password guessing or password spraying or by exploiting administrative or service credentials.

Mimecast

“In our particular instance, the threat actor added a self-signed certificate with credentials to the service principal account,” Malwarebytes researcher Marcin Kleczynski wrote. “From there, they can authenticate using the key and make API calls to request emails via MSGraph.”

Last week, email management provider Mimecast also said that hackers compromised a digital certificate it issued and used it to target select customers who use it to encrypt data they sent and received through the company’s cloud-based service. While Mimecast didn’t say the certificate compromise was related to the ongoing attack, the similarities make it likely the two attacks are related.

Because the attackers used their access to the SolarWinds network to compromise the company’s software build system, Malwarebytes researchers investigated the possibility that they too were being used to infect their customers. So far, Malwarebytes said it has no evidence of such an infection. The company has also inspected its source code repositories for signs of malicious changes.

Malwarebytes said it first learned of the infection from Microsoft on December 15, two days after the SolarWinds hack was first disclosed. Microsoft identified the network compromise through suspicious activity from a third-party application in Malwarebytes’ Microsoft Office 365 tenant. The tactics, techniques, and procedures in the Malwarebytes attack were similar in key ways to the threat actor involved in the SolarWinds attacks.

Malwarebytes’ notice marks the fourth time a company has disclosed it was targeted by the SolarWinds hackers. Microsoft and security firms FireEye and CrowdStrike have also been targeted, although CrowdStrike has said the attempt to infect its network was unsuccessful. Government agencies reported to be affected include the Departments of Defense, Justice, Treasury, Commerce, and Homeland Security as well as the National Institutes of Health.

Continue Reading

Biz & IT

Ars online IT roundtable tomorrow: What’s the future of the data center?

Published

on

If you’re in IT, you probably remember the first time you walked into a real data center—not just a server closet, but an actual raised-floor data center, where the door wooshes open in a blast of cold air and noise and you’re confronted with rows and rows of racks, monolithic and gray, stuffed full of servers with cooling fans screaming and blinkenlights blinking like mad. The data center is where the cool stuff is—the pizza boxes, the blade servers, the NASes and the SANs. Some of its residents are more exotic—the Big Iron in all its massive forms, from Z-series to Superdome and all points in between.

For decades, data centers have been the beating hearts of many businesses—the fortified secret rooms where huge amounts of capital sit, busily transforming electricity into revenue. And they’re sometimes a place for IT to hide, too—it’s kind of a standing joke that whenever a user you don’t want to see is stalking around the IT floor, your best bet to avoid contact is just to badge into the data center and wait for them to go away. (But, uh, I never did that ever. I promise.)

But the last few years have seen a massive shift in the relationship between companies and their data—and the places where that data lives. Sure, it’s always convenient to own your own servers and storage, but why tie up all that capital when you don’t have to? Why not just go to the cloud buffet and pay for what you want to eat and nothing more?

There will always be some reason for some companies to have data centers—the cloud, for all its attractiveness, can’t quite do everything. (Not yet, at least.) But the list of objections to going off-premises for your computing needs is rapidly shrinking—and we’re going to talk a bit about what comes next.

Join us for a chat!

We’ll be holding a livestreamed discussion on the future of the data center on Tuesday, January 20, at 3:15pm Eastern Time (that’s 12:15pm Pacific Time, and 8:15pm UTC). On the panel will be Ars Infosec Editor Emeritus Sean Gallagher and myself, along with special guest Ivan Nekrasov, data center demand generation manager and field marketing consultant for Dell Technologies.

If you’d like to pitch us questions during the event, please feel free to register here and join us during the meeting tomorrow on Zoom. For folks who just want to watch, the live conversation will be available on Twitter, and we’ll embed the finished version (with transcript) on this story page like we did with our last livestream. Register and join in, or check back here after the event to watch!

Continue Reading

Trending