Tag Archive for: request

RTK request for computer logins partially approved and denied by OOR


SOMERSET ― The Pennsylvania Office of Open Records filed its determination Sept. 27 concerning a right-to-know request filed by Lester Younkin and denied by Somerset County Commissioners, giving each party a victory.

Younkin said this week he will appeal the determination.

His request, seeking certain computer log information for specified county employees, was granted in part and denied in part. The OOR accepted the county’s point that disclosure of the Active Directory logs is likely to pose a risk to the county’s computer security, but found that employees’ names and login and logout times can be released under the state’s Right-to-Know Law.

However, the OOR determined the county doesn’t have those records that Younkin is asking for because the server log showing the login and logout information doesn’t exist within the county’s possession, custody or control.

“The county NEVER disputed the existence of the log. In fact, the IT director submitted an unredacted Active Directory log in their appeal in an attempt to justify why they can’t release the information,” Younkin said in an email. “The county has the information. They simply do not want to release it. The county claim that they would need to purchase software to extract the data is blatantly false.”


County solicitor Christopher Furman, on behalf of the county commissioners, issued this statement:

“On Sept. 27, 2023, the Office of Open Records issued its Final Determination in OOR Appeal No. 2023-1983, granting the appeal in part, denying it in part. The request was for daily computer and Exchange server login and logout times for certain personnel. Because the county does not use an Exchange server, that part of the appeal was denied. Regarding the computer login information, the county’s software is not currently capable of producing the requested information without producing certain other information embedded with it that, if disclosed, would pose a risk to the county’s computer security. Put simply, to provide the requested data, the county will need different software. Because Section 1307(g) of the RTKL provides…


Toronto posts new request for private security firm to ‘patrol and monitor’ parks – Toronto


The City of Toronto is once again petitioning for private security companies to patrol its parks and investigate “possible attempted encampments, safety hazards and criminal activity.”

The new posting comes after an attempt in May to find a company to provide security at municipal parks failed.

The city came under fire from some earlier this year when it put out a request for proposals (RFP) to find private security firms to prevent encampments in parks.

That RFP failed to draw qualified bidders, the city said, with two companies given short-term, non-competitive contracts to provide the service.


During the spring, the city awarded two short-term contracts to patrol parks including Trinity Bellwoods Park, Lamport Stadium Park, Alexandra Park and Dufferin Grove.


“The current parks security contracts with Logix Security Inc. and Valguard Security Inc. for $500,000 each began on April 13, 2022, and are temporary interim contracts to provide parks security until the contract associated with the RFP can be awarded,” a spokesperson for the City of Toronto said.

Amid the COVID-19 pandemic, large encampments formed across parks in Toronto as homeless people said they felt the shelters weren’t safe and feared contracting the virus.

Lamport Stadium and Trinity Bellwoods were both sites that saw many structures and tents. The City of Toronto was criticized for the tactics police officers used to clear the encampments.


An RFP for security services to patrol city parks closed on May 30, 2022, but none of the bidders met Toronto’s criteria, the city said.

The new RFP, posted on Wednesday, says Toronto is looking to retain a company that will offer security guard services at parks around the city.

‘Hack DHS’ Bug Bounty Program to Begin Second Phase with New Contract Request


The Department of Homeland Security has issued a solicitation for companies to provide crowdsourced vulnerability assessment services—including for competitions and live events—for phase two of the agency’s “Hack DHS” bug bounty program. 

The request for proposals says that the contract “will be used to conduct crowdsourced vulnerability discovery and disclosure activities across the full range of networks, systems and information, including web applications, software, source code, software-embedded devices and other technologies as solicited across the whole Department of Homeland Security, or other assets as deemed appropriate by the program office.”

DHS established the “Hack DHS” bug bounty program following passage of the Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act, or the SECURE Technology Act, in 2018. Under the law, DHS is required to establish a multi-year bug bounty program allowing eligible individuals, organizations and companies to receive compensation for identifying and reporting vulnerabilities in the agency’s systems. 

The agency announced in April that it has completed the first phase of its bug bounty program, in which 450 vetted security researchers identified 122 vulnerabilities in “select external DHS systems.” Of these vulnerabilities, 27 were considered “critical” by DHS. Researchers and ethical hackers who participated in the first phase of the program had the opportunity to receive up to $5,000 for identifying verified vulnerabilities, and DHS reported that it awarded a total of $125,600 to participants.

Under the second phase of the program, researchers and ethical hackers will participate in live hacking events, while the third and final phase will allow DHS to identify and review the lessons learned from the program, as well as plan for additional bug bounty initiatives. 

The RFP calls for six time-boxed challenges and two continuous challenges during the first year of the contract, and then up to 12 time-boxed and five continuous challenges in the optional contract years. The contractors are also expected to conduct live, U.S.-based events with between 15 and 50 researchers, as…


Russia Takes Down Hacking Group at US Request, Intelligence Service Says


Russia has conducted a special operation against ransomware crime group REvil at the request of the United States and has detained and charged the group’s members, the FSB domestic intelligence service said Friday.

The arrests were a rare apparent demonstration of collaboration between Russia and the United States, at a time of high tensions between the two over Ukraine. The announcement came even as Ukraine was responding to a massive cyberattack that shut down government websites, though there was no indication the incidents were related.

A joint police and FSB operation searched 25 addresses, detaining 14 people, the FSB said, listing assets it had seized, including 426 million rubles, $600,000, 500,000 euros, computer equipment and 20 luxury cars.

Russia informed the United States directly of the moves it had taken against the group, the FSB said on its website. The U.S. Embassy in Moscow said it could not immediately comment.

“The investigative measures were based on a request from the … United States,” the FSB said. “ … The organized criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralized.”

The REN TV channel aired footage of agents raiding homes and arresting people, pinning them to the floor, and seizing large piles of dollars and Russian rubles.

The group members have been charged and could face up to seven years in prison.

A source familiar with the case told Interfax the group’s members with Russian citizenship would not be handed over to the United States.

The United States said in November that it was offering a reward of up to $10 million for information leading to the identification or location of anyone holding a key position in the REvil group.

The United States has been hit by a string of high-profile hacks by ransom-seeking cybercriminals. A source with direct knowledge of the matter told Reuters in June that REvil was suspected of being the group behind a ransomware attack on the world’s biggest meatpacking company, JBS SA.

Washington repeatedly has accused the Russian state in the past of malicious activity on the internet, which Moscow denies.

Russia’s announcement…
