Author Archives: Ida

by | July 24, 2012 · 6:10 am

Hospitality Industry Security Risks: Electronic Hotel Room Locks Shown To Be Vulnerable To "Hardware Gadgets"

The system’s vulnerability arises, Brocious says, from the fact that every lock’s memory is entirely exposed to whatever device attempts to read it through that port. Though each lock has a cryptographic key that’s required to trigger its “open” mechanism, that string of data is also stored in the lock’s memory, like a spare key hidden under the welcome mat.

At the Black Hat security conference Tuesday evening, a Mozilla software developer and 24-year old security researcher named Cody Brocious plans to present a pair of vulnerabilities he’s discovered in hotel room locks from the manufacturer Onity, whose devices are installed on the doors of between four and five million hotel rooms around the world according to the company’s figures. Using an open-source hardware gadget Brocious built for less than $50, he can insert a plug into that DC port and sometimes, albeit unreliably, open the lock in a matter of seconds. “I plug it in, power it up, and the lock opens,” he says simply.

The ability to access the devices’ memory is just one of the two vulnerabilities Brocious says he found in Onity’s locks. He says the company also uses a weak encryption scheme that allows him to derive the “site code”–a unique numerical key for every facility–from two cards encoded one after another for the same room. By reading the encrypted data off of two cards and testing thousands of potential site codes against both cards until the decoded data displays a predictable interval between the two, he can find the site code and use it to create more card keys with a magnetizing device. But given that he can only create more cards for the same room as the two keys he’s been issued, that security flaw represents a fairly low risk compared with the ability to open any door arbitrarily.

For more:  http://www.forbes.com/sites/andygreenberg/2012/07/23/hacker-will-expose-potential-security-flaw-in-more-than-four-million-hotel-room-keycard-locks/

6 Comments

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Technology

Tagged as , , , , , ,

by | July 23, 2012 · 6:08 am

Hospitality Industry Legal Risks: California Hotel Sued For Discrimination Under "Unruh Civil Rights Act" For Prohibiting Charitable Event

Alleging that they were the victims of discrimination, Ryan, the grandson of Holocaust survivors, and 17 other individuals later filed suit against Adaya and the hotel under California’s Unruh Civil Rights Act, which says no business establishment may discriminate on the basis of sex, race, color or religion. In addition to Adaya, the suit names Indus Investments Inc., the corporate owner and operator of the hotel.

Ari Ryan and other young leaders of the Friends of the Israel Defense Forces gathered on the afternoon of July 11, 2010, at the Hotel Shangri-La in Santa Monica for a charitable event. Soon after the party got underway around the hotel’s pool, apologetic hotel staff and security guards began telling group members to remove their literature and banners, to get out of the pool and hot tub, and to stop handing out T-shirts, according to Ryan and court documents.

The employees were acting on the orders of hotel owner Tehmina Adaya, according to the statements of witnesses and hotel employees in court documents. Adaya is a Muslim woman of Pakistani descent.

In court documents, Adaya said the July event had not been scheduled with the hotel and that the participants were trespassing on hotel property. Philip E. Black, an attorney for Adaya, declined to comment.

A jury trial is slated to begin Monday in Santa Monica Superior Court. The plaintiffs are seeking more than $1 million in damages.

According to the lawsuit, the charitable event was for the Legacy Program, a branch of the Friends of the Israel Defense Forces that raises funds to send children of fallen Israeli soldiers to summer camp. The party was planned by Platinum Events, a marketing firm that had organized other gatherings at the Shangri-La after the property underwent a $30-million renovation and reopened in mid-2009, the complaint said.

For more:  http://www.latimes.com/news/local/la-me-shangri-la-lawsuit-20120723,0,868164.story

Comments Off on Hospitality Industry Legal Risks: California Hotel Sued For Discrimination Under "Unruh Civil Rights Act" For Prohibiting Charitable Event

Filed under Guest Issues, Legislation, Liability, Management And Ownership, Risk Management

Tagged as , , , , ,

by | July 22, 2012 · 4:08 pm

Hospitality Industry Legal Risks: North Carolina Companies Outlawed From Firing Employees Before Or After Filing Legitimate Workers' Comp Claims

The North Carolina Retaliatory Employment Discrimination Act (REDA) outlaws discharging em­­ployees for filing workers’ compensation claims. It’s a protected activity. 

Equally illegal: Jumping the gun by firing employees before they ­actually fill out the workers’ compensation paperwork. Employees are also protected when they inform a supervisor that they may be filing a claim soon.

Recent case: Shannon worked as a property manager for M&M Properties for just three weeks. While cleaning a hotel room as part of his training, Shannon said he injured himself. He reported the incident to his supervisor and said he wanted to check with his doctor before filing a workers’ compensation claim in case he had merely pulled a muscle.

Meanwhile, the company issued a disciplinary warning, outlining problems encountered during Shannon’s training, such as tardiness and lack of communication. He was fired a few days later.

He went ahead with filing the workers’ comp claim—and then followed up with a REDA lawsuit. The company argued that because Shannon hadn’t filed a claim before he was terminated, he couldn’t argue retaliation.

The court disagreed. Otherwise, employers would be able to fire employees—and dodge liability—as soon as they got hurt. (Fatta v. M&M Properties Man­­agement, No. COA11-1397, Court of Appeals of North Caro­­lina, 2012)

For more:  http://www.businessmanagementdaily.com/31679/workers-comp-claim-resist-urge-to-retaliate

Comments Off on Hospitality Industry Legal Risks: North Carolina Companies Outlawed From Firing Employees Before Or After Filing Legitimate Workers' Comp Claims

Filed under Claims, Insurance, Labor Issues, Liability, Management And Ownership

Tagged as , , ,

by | July 20, 2012 · 7:40 am

Hospitality Industry Property Risks: Kentucky Hotel's Roof Partially Torn Off By High Winds; Water Damage To Top Three Floors From Sprinkler System

“…the National Weather Service was calling for 60-mile-per-hour winds. The top three floors of the hotel had water damage from the sprinkler system and officials say those guests were relocated…”

A Louisville hotel suffered damage in Thursday’s storm. Heavy winds whipped through the airport at an estimated 44-mile-per-hour winds. At one point, part of the roof on the Crowne Plaza Hotel was blown off.

At least 200 rooms were impacted. Several cars in the parking lot were also damaged.

The Crown Plaza was hosting the National Junior Angus Show and was at 100 percent occupancy.

“We’ve also heard the sprinkler system went off in there and that other things could be ruined other than the top floors, so we were anxious to see, but we were very amazed to see all the debris. Amazed. And that’s typically where we park,” says Donna Guice, a hotel guest from Louisiana.

For more:  http://www.wdrb.com/story/19070473/louisville-hotel-damaged-in-thursdays-storm

Comments Off on Hospitality Industry Property Risks: Kentucky Hotel's Roof Partially Torn Off By High Winds; Water Damage To Top Three Floors From Sprinkler System

Filed under Claims, Insurance, Maintenance, Management And Ownership, Risk Management

Tagged as , , , ,

by | July 19, 2012 · 6:13 am

Hospitality Industry Parking Risks: Kentucky Hotel Guest's Auto Stolen By Man Posing As A Valet

“…(suspect) was posing as a valet at the Seelbach Hilton Hotel on June 29. After helping the owner of the vehicle into the hotel with their luggage, Gibbs then drove away with the $25,000 SUV…”

A Louisville man has been charged with theft after he pretended to be a hotel valet and stole a SUV. A short time later, the vehicle’s owner said someone told them the person who drove off in the SUV was not a hotel employee.

Police identified Gibbs as the suspect after looking at hotel security footage and said he later confessed to the crime. The vehicle was recovered that same day parked in front of Gibbs apartment.

Gibbs is charged with theft by unlawful taking of an auto over $10,000.

In a statement to WAVE 3, Jon McFarland, general manager of the Seelbach Hilton, said, “The Seelbach has not had a prior incident like this. We are aggressively looking at how it happened, and preventing it from happening again.”

For more:  http://www.wave3.com/story/19054310/police-fake-valet-steals-suv

Comments Off on Hospitality Industry Parking Risks: Kentucky Hotel Guest's Auto Stolen By Man Posing As A Valet

Filed under Crime, Guest Issues, Labor Issues, Liability, Management And Ownership, Risk Management, Theft

Tagged as , , , , ,

by | July 18, 2012 · 6:45 am

Hospitality Industry Legal Risks: Pennsylvania Casino Sued By Former Waitresses For Discrimination After Demotions For Becoming Pregnant; Violated "7% Body Weight Rule"

“…a rule remains that Parkettes and their male equivalents, Park Men, must not deviate more than 7 percent from their body weight when they were hired… these employees are considered entertainers because they participate in calendar and talent contests and make public appearances off-site. No other casino staffers are subject to the weight requirement…”

Two former cocktail waitresses have filed a federal lawsuit against Parx Casino, in Bensalem, Pa., claiming they were demoted when they became pregnant. Parx’s chief counsel said the casino’s policy has changed since the women filed complaints with the Equal Employment Opportunity Commission in 2009. The establishment now provides maternity versions of its skimpy uniforms to its cocktail waitresses, who are known as Parkettes.

Parkettes Alycia Campiglia, 27, and Christina Aicher, 31, who both became pregnant while working for the casino in 2008, claim that when they told managers they were pregnant, they were informed they could continue as Parkettes only until their costumes no longer fit, according to their lawsuit filed July 5.

Both women said they were offered transfers to the concession stand or players services, but they said they wouldn’t be able to earn tips. The EEOC determined in August 2009 that Parx had discriminated against pregnant cocktail servers.

“We changed the policy to say you can work (as a Parkette) if you’re pregnant,” said Thomas Bonner, Parx’s chief counsel and vice president. “We do have maternity costumes now.”

What hasn’t changed, though, is Parx’s strict weight limitations. Parkettes and Park Men are subject to periodic weigh-ins, and if they fail, they are subject to termination.

In 2006, cocktail waitresses at the Borgata Hotel Casino in Atlantic City filed a $70 million lawsuit against the casino for instituting a 7 percent weight-gain policy. The lawsuit was settled out of court in 2008 for terms that weren’t disclosed.

Last year, Resorts Casino in Atlantic City was hit with three lawsuits that are pending from veteran cocktail waitresses who claim that they were demoted or let go because they were too old or not sexy enough for the new flapper costumes.

For more:  http://www.thonline.com/news/national_world/article_e43a2ab7-1ca0-5a3d-8f10-7f9d0e2a561b.html

Comments Off on Hospitality Industry Legal Risks: Pennsylvania Casino Sued By Former Waitresses For Discrimination After Demotions For Becoming Pregnant; Violated "7% Body Weight Rule"

Filed under Claims, Insurance, Labor Issues, Management And Ownership, Risk Management

Tagged as , , , ,

by | July 17, 2012 · 6:18 am

Hospitality Industry Employee Risks: Former Manager Of New York Hotel Convicted Of Felony Theft Of $50,000 From Cash And Expenses On Corporate Credit Card

“…(woman was ordered) to pay $48,883.53 in restitution…that amount would cover thefts Aylmer committed by taking cash from the hotel and by running up expenses on the corporate credit card…”

“A co-defendant…is responsible for paying back about $12,000 to cover the theft of supplies from the hotel that the defendants attempted to sell on Craigslist and eBay…”

The former manager of a Cicero hotel was sentenced today to five years’ probation for stealing more than $50,000 from her employer. Cathaline Aylmer, 40, of Utica, had nothing to say before Onondaga County Judge Joseph Fahey imposed the probationary sentence agreed to when Aylmer pleaded guilty May 11 to a felony count of second-degree grand larceny.

In pleading guilty, Aylmer admitted stealing from the Days Inn Hotel on Bartel Road from June through July 2010.

For more:  http://www.syracuse.com/news/index.ssf/2012/07/former_cicero_hotel_managed_se.html

Comments Off on Hospitality Industry Employee Risks: Former Manager Of New York Hotel Convicted Of Felony Theft Of $50,000 From Cash And Expenses On Corporate Credit Card

Filed under Crime, Labor Issues, Liability, Management And Ownership, Risk Management, Theft

Tagged as , , , , ,

by | July 16, 2012 · 6:32 am

Hospitality Industry Spa Treatment Risks: Florida Hotel Sued By Woman Who Claims "Near-Fatal Massage And Treatment" Has Resulted In Two Years Of Medical Expenses

“…a spa employee slathered her in aromatic essential oils, aloe, and shea butter. But the curvy Jersey girl began to have doubts when she was wrapped tightly in a “cellophane-type material” and helped inside something called an Alpha Massage Capsule. It looked like a space-age coffin…”

“…Once inside, she couldn’t move. As the temperature soared, she started to become overheated and lightheaded. She shouted for help, but the attendant had vanished, the lawsuit says. Then Berean passed out…”

According to a lawsuit she filed earlier this month, Berean’s spa treatment (at the Howard Johnson Hotel in Miami Beach in July 2010) turned into one hot, buttery nightmare. The spa promised to leave her skin “glowing,” but Berean’s “hot butter wrap” nearly melted her instead. After two years of medical bills, she wants payback.

“She was stuck in this little heating egg,” says Berean’s lawyer, Andrew Norden. “She yelled, but nobody came to help her. Then she passed out. It was terrifying for her.”

Lawyers representing Nirvana Spa did not respond to requests for comment. Berean also declined to speak to New Times about her ordeal, but her attorney and lawsuit paint a terrifying picture of relaxation gone awry.

When the Nirvana Spa employee finally returned, she took Berean out of the capsule and unwrapped her like an aborted butterfly. Berean gradually came to, but instead of calling paramedics, the employee put the barely conscious client into the shower and left her alone again, according to the lawsuit. Berean fainted a second time and hit her head.

Berean has undergone “extensive medical care and treatment” because of the near-fatal massage, the lawsuit claims. But Natalia Bazhenova, Nirvana’s current manager who joined the spa after the incident, says the story sounds suspicious.

For more:  http://blogs.miaminewtimes.com/riptide/2012/07/woman_sues_nirvana_spa_on_miam.php

Comments Off on Hospitality Industry Spa Treatment Risks: Florida Hotel Sued By Woman Who Claims "Near-Fatal Massage And Treatment" Has Resulted In Two Years Of Medical Expenses

Filed under Claims, Guest Issues, Health, Injuries, Liability, Management And Ownership

Tagged as , , ,

by | July 15, 2012 · 6:51 am

Hospitality Industry Employee Risks: Michigan Hotel Employee Charged With Stealing Money From Manager's Room; Background Check Would Have Revealed Lengthy Criminal History

“(the employee) allegedly stole $220 from the purse of her assistant manager who had been staying in a room at the hotel…a hotel manager confirmed that since the Lewis incident, the hotel now conducts background checks. The manager said had they known that Lewis had been convicted of crimes in the past, they would have not hired her…”

An employee of a Muskegon Heights hotel with a lengthy criminal background has been charged with a felony for allegedly stealing money from her manager’s room. Kortney Donesia Lewis, 24, of Muskegon, was arraigned in Muskegon County 60th District Court on Wednesday on one count of larceny from a building, a four-year felony, and as a fourth-time habitual offender.

“The manager noticed by surveillance video and key-code confirmation that Lewis had been in her room,” Gardner said. “Lewis was confronted and admitted it.”

Gardner said Lewis’ criminal history includes a 2006 conviction for an embezzlement charge; a 2009 conviction of larceny from a building and a conviction that same year for stealing and using someone’s credit card.

Based on that history, Gardner said it’s difficult to sympathize with the hotel officials who hired Lewis. “In this case it doesn’t just seem to be the responsibility of the defendant for her actions, but for the hotel for hiring a woman with an extensive criminal history for theft crimes,” he said. “It defies commonsense to give a person with that background access to rooms that often times hold valuables.”’

For more:  http://www.mlive.com/news/muskegon/index.ssf/2012/07/muskegon_heights_hotel_employe.html

Comments Off on Hospitality Industry Employee Risks: Michigan Hotel Employee Charged With Stealing Money From Manager's Room; Background Check Would Have Revealed Lengthy Criminal History

Filed under Crime, Labor Issues, Liability, Management And Ownership, Risk Management, Theft

Tagged as , , , , ,

by | July 14, 2012 · 8:16 am

Hospitality Industry Health Risks: Oregon Restaurants Will Not Be Required To Prohibit "Bare-Hand Contact" Pending Review; "Double Hand-Washing Rule" To Be Enforced

“…(the State of Oregon) decided to remove the bare-hand contact prohibition from the proposed rules because this issue needs further discussion…the group will convene multiple times over the next few months. The state will continue to enforce its double hand-washing rule for food servers until any changes are announced…”

The Oregon Health Authority is shelving its proposed rule mandating that restaurant workers not prepare food with their bare hands. State health officials have decided to convene a work-group on standards to prevent food-borne illness. The group will work toward a substitute to the so-called “no bare hand contact” rule originally proposed by the Health Authority.

That provision was to take effect on July 1, but was delayed after protests from the food service industry. The work group will include restaurateurs, legislators, medical professionals and others.

Gail Shibley, the administrator of the OHA’s Public Health Division, said her agency is looking for diverse opinions. “We think we can get the wisdom from restaurateurs as well as a variety of other folks to really dig into the details of this specific provision, and move forward at a later date,” she said.

For more:  http://www.mailtribune.com/apps/pbcs.dll/article?AID=/20120713/NEWS07/120719990/-1/NEWSMAP

Image provided by MyDoorSign.com

Comments Off on Hospitality Industry Health Risks: Oregon Restaurants Will Not Be Required To Prohibit "Bare-Hand Contact" Pending Review; "Double Hand-Washing Rule" To Be Enforced

Filed under Food Illnesses, Guest Issues, Health, Labor Issues, Liability, Maintenance, Management And Ownership, Risk Management, Training

Tagged as , , , , ,