Articles about Audit

OpenSSL audit kicks off for post-Heartbleed strengthening program

A major audit of the ubiquitous OpenSSL web security protocol is set to commence under a US$1.2 million industry commitment to harden open source technologies. OpenSSL is first off the rank under the Linux Foundation’s Core Infrastructure Initiative given its popularity and lack of in-depth security review. "OpenSSL has been …
Darren Pauli, 10 Mar 2015

Verizon promised to wire up NYC with fiber... and failed miserably – audit

New York City authorities have thumped Verizon for apparently reneging on its promises to wire up the Big Apple with super-fast fiber internet. In 2008, the city signed a deal with Verizon in which the telco promised to give every resident access to a fiber-optic broadband connection by July 2014. In return, the city reduced the …
Iain Thomson, 18 Jun 2015

Crack security team finishes TrueCrypt audit – and the results are in

The researchers behind the security audit of the TrueCrypt disk-encryption software have completed their work and say they have found no evidence of any deliberate backdoors or serious design flaws in its code. "Based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software," crypto boffin …
Neil McAllister, 02 Apr 2015

EU flings €1m at open source security audit wheeze

EU institutions have finally got the memo about it being a good idea to pinpoint and fix security vulnerabilities. Next year the European Parliament has allocated up to €1m for a project to audit free software programs in use at the European Commission (EC) and the EU Parliament in order to find and repair potential weaknesses …
Jennifer Baker, 23 Dec 2014

Premera healthcare: US govt security audit gave hacked biz thumbs up

Serious doubt has been cast on the US government's data security regulations after Premera Blue Cross was declared secure by Uncle Sam – just months before the healthcare giant was ransacked for financial and medical information by hackers. The biz underwent a computer security audit by a federal watchdog in January 2014, was …
Iain Thomson, 23 Mar 2015

Audit finds new flaw at US Office of Personnel Management

A security review that followed the original hack at the US Office of Personnel Management (OPM) has turned up a new, but hopefully-unexploited, vulnerability. The “Electronic Questionnaires for Investigations Processing” system, abbreviated to e-QIP, was found to be vulnerable under the review, and will be taken offline for as …

TrueCrypt audit: Probe's nearly all the way in ... no backdoor hit yet

The first phase of the crowd-funded audit of TrueCrypt has turned up several vulnerabilities, but nothing particularly amiss and certainly nothing that looks like a backdoor. iSEC Partners, which was contracted to carry out the audit by the Open Crypto Audit Project (OCAP), found 11 vulnerabilities in the full disk and file …
John Leyden, 15 Apr 2014

Cries of spies as audit group finds possible 'backdoor' in Bittorrent Sync

Updated: BitTorrent responds. Popular file sharing platform BitTorrent Sync is 'probably' leaking hashes to its website and access to shared data, a group audit has found. The platform, downloaded some 10 million times, allowed users to synchronise data over networks using encrypted peer-to-peer at speeds said to be 16 times faster than Dropbox, using …
Darren Pauli, 18 Nov 2014

TrueCrypt audit project founder: 'We've set our sights high'

Interview: A TrueCrypt audit project has uncovered a well of technical support with its plans to publicly audit the widely used disk and file encryption utility for the first time. TrueCrypt is a widely used utility that encrypts and decrypts entire drives, partitions or files within a virtual disk. The tool can also hide volumes of data …
John Leyden, 18 Nov 2013

Crowdfunded audit of 'NSA-proof' encryption suite TrueCrypt is GO

A fundraising effort to pay for an independent, professional security audit of TrueCrypt, the popular disk encryption utility, has raised enough money to pay for an arguably long overdue audit of the security software. TrueCrypt is a widely used utility that encrypts and decrypts entire drives, partitions or files within a …
John Leyden, 06 Nov 2013

Fukushima nuke plant owner told to upgrade from Windows XP

The Tokyo Electric Power Company (TEPCO), operator of the stricken Fukushima Daiichi nuclear energy complex, has been told to migrate 48,000 internet-connected PCs off Windows XP sooner rather than later. TEPCO was recently probed by Japan's Board of Audit, an organisation that oversees the finances of Japan's government and …
Simon Sharwood, 23 Apr 2015

IBM tightens Passport Advantage licensing terms

IBM software customers should be on their guard following changes to the fine print of the giant’s Passport Advantage program. IBM reworded part of Passport Advantage late last year, The Reg has learned, putting more onus on the customer than ever before to keep clear and accurate records of their software use. The changes mean …
Gavin Clarke, 07 Apr 2015

Take that NATS! Jocko IT is also totally rubbish. BOOM!

Scottish nationalists have a lot more in common with their Sassenach cousins than they'd like to admit, with both nations seemingly equally crap at IT. A report by the country's spend watchdog Audit Scotland found the government "Continue[s] to encounter difficulties" in managing Information and Communication Technology (ICT) …
Kat Hall, 19 Jun 2015

Horrors of murky TrueCrypt to be probed once more

The gears of the TrueCrypt audit have whirred into life overnight with boffins poised to again probe the open source crypto tool after nearly a year of waiting. A tiny team will fondle the tool's random number generators, cipher suites and key algorithms in a bid to pull the internet's favourite crypto suite out of the pariah …
Darren Pauli, 20 Feb 2015

Salesforce unleashes red-tape-as-a-service for regulation-heavy users

Salesforce has launched its slightly-more-secure-software-as-a-service for organisations in industries compelled to wrap themselves in red tape. The Salesforce1 service, dubbed "Shield", offers encryption, monitoring, and archiving for the platform's apps. Salesforce says the platform includes field audit trail, platform …
Team Register, 15 Jul 2015

Microsoft and Oracle are 'not your trusted friends', public sector bods

Software providers such as Microsoft and Oracle are aggressively targeting public sector customers with licence "audit reviews" in a bid to plug falling subscription revenue, according to research. Over one-third of the 436 councils surveyed across the UK have been subject to at least one software licence review in the last 20 …
Kat Hall, 27 Mar 2015

National Audit Office tears government's savings claims in HALF

The National Audit Office has questioned the Cabinet Office's weighty ICT savings claims and revealed it still does not know how many small biz suppliers are winning public sector contracts. Minister Francis Maude's merry band claims it saved taxpayers £702m on tech and comms spending in fiscal 2012 ended March - £354m through …
Paul Kunert, 23 Jan 2013

US watchdog: Anthem snubbed our security audits before and after enormous hack attack

A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant's computer security – but was rebuffed. And, after miscreants looted Anthem's servers and accessed up to 88.8 million private records, the watchdog again offered to audit …
Shaun Nichols, 05 Mar 2015

Security audit finds dev OUTSOURCED his JOB to China to goof off at work

A security audit of a US critical infrastructure company last year revealed that its star developer had outsourced his own job to a Chinese subcontractor and was spending all his work time playing around on the internet. The firm's telecommunications supplier Verizon was called in after the company set up a basic VPN system with …
Iain Thomson, 16 Jan 2013

Hands off, Apple! Irish dev studio sues over alleged iWatch infringement

Cupertino's lawyers must hasten with all fair speed to Milan, where Irish company Probendi has filed a suit alleging infringement of the latter's iWatch trademark. Apple has placed an advertisement with Google to link to its wristjob when users search for the "iWatch", presumably to catch the eyes of novitiate fanbois not yet …

Lenovo CTO: Hey, look around – we're not the only ones with a crapware infection

On Friday Lenovo is going to tell the world about how it plans to regain the trust of its users in the wake of the Superfish clusterfuck – and may even launch an independent security audit of its products. "Our goal, in the end, is to make this right," Lenovo's CTO Peter Hortensius told The Register on Tuesday. "It's going to …
Iain Thomson, 25 Feb 2015

VMware's tool to harden virtual networks: a spreadsheet

VMware has released a guide to hardening its NSX virtual networking and product. The guide, published online by VMware information security professional Pravin Goyal, covers management, control and data planes. It recommends including audit logs and system events in backups, enabling and securing remote logging for the NSX …
Darren Pauli, 14 Oct 2014

Child labour, lost wages uncloaked by Apple factories audit

Apple has for the first time released a complete list of its suppliers [PDF], publishing the names of 156 companies who make the parts for everything from Macbook screens to iPad covers. The list includes well-publicised contracts, such as Apple's mega deals with Samsung and LG, as well as more obscure deals with smaller …
Anna Leach, 16 Jan 2012

Union confirms two-day strike over Universal Credit's pisspoor IT

Universal Credit staff will strike for two days next week over "increasingly oppressive" working conditions and unusable IT, the Public and Commercial Services trade union has confirmed, following a vote last week. The union's members voted to down tools at the Glasgow and Bolton centres last week, where more than half (1,500 …
Kat Hall, 13 Jul 2015

ICO's data protection tentacles will penetrate NHS bodies

NHS bodies in the UK can now be forced to open themselves up to data protection audits under new powers handed to the Information Commissioner's Office (ICO). The watchdog told Out-Law.com that its audits regime follows a "participative approach" and that therefore it would first ask health bodies if they would voluntarily …
OUT-LAW.COM, 03 Feb 2015

China's hackers stole files on 4 MEELLION US govt staff? Bu shi, says China

China is fending off accusations it was behind the theft of personal dossiers on four million US government workers – some of whom had applied for or were granted security clearances. China's foreign ministry spokesman Hong Lei told NBC News: "We hope the United States could discard this kind of suspicion and stop groundless …
Shaun Nichols, 05 Jun 2015

Soz SMEs, we're not interested in your direct biz

Small biz suppliers received no more love from government procurement departments last year, with direct spend dipping by 0.1 per cent compared with 2012/13 to £4.5bn. Over the last two years, direct spend rose by just 0.3 per cent, according to government figures. In 2010 the government set a target for 25 per cent of all its …
Kat Hall, 25 Feb 2015

Hacked US Census Bureau staff to get anti-phishing 101 lessons

The US Census Bureau has asked for additional IT security training for its staff – including tips on how not to fall for phishing emails – in the wake of last week's server breach. The bureau said in a blog post over the weekend that the hackers who managed to pull employee records from its computers did so by targeting the …
Shaun Nichols, 28 Jul 2015

NIST issues 'don't be stupid' security guidelines for contractors

There's no irony here at all: America's National Institute of Standards and Technology (NIST) has finalised its advice to US Federal agencies about how sensitive data should be protected when it's handled by contractors and outsiders. The recommendations, if they'd existed and been followed, might have helped protect Americans …

Scouts take down database due to 'security vulnerabilities'

The Scouts Association has taken down its Compass database, which holds the records of nearly half-a-million young people and adult volunteers, after discovering a "potential security vulnerability," The Register can reveal. In a letter seen by El Reg and addressed to members this morning, the association said the decision was …
Kat Hall, 28 Jan 2015

Ten years on, TEN PER CENT of retailers aren't obeying CAN-SPAM

One in 10 of the world’s largest online retailers are still violating the CAN-SPAM Act, a full 10 years after the US anti-spam legislation went into effect. The finding comes from an audit by the Online Trust Alliance (OTA), a non-profit with the mission to enhance online trust. They also found that 70 per cent of 200 online …
John Leyden, 18 Sep 2014

NHS IT failures mount as GP data system declared unfit for purpose

The towering scrapheap of NHS IT failures may be about to rise further, with the increasingly expensive GP Extraction Service IT system deemed not fit for purpose by the government's spending watchdog. Costs for the GPES IT system, which is supposed to extract data from all GP practices in England, have ballooned from £14m to £40m …
Kat Hall, 02 Jul 2015

Smile! Brit transport plods turn bodycams on travelling public

British Transport Police have agreed to test 250 Taser Axon body-worn cameras. The gizmos film alleged criminal activity witnessed by the cops, before uploading the footage to a data management system. Taser promised that the evidence gathered from the devices would be stored and managed securely on its platform. The BTP will …
Team Register, 29 Apr 2015

UK.gov opens kimono to SMEs in Tech Services framework cash spaff

The government has lifted the lid on its £200m Technology Services framework, with more than half of the 85 suppliers awarded a place being SMEs. The agreement is the new incarnation of its managed services framework, which originally included around 11 large suppliers. The new version is intended to help central government …
Kat Hall, 29 May 2015

Universal Credit CRISIS: Up to £200m in IT spend WASTED – NAO

Around £219m in IT investments in the much-maligned Universal Credit programme may be written off, a National Audit Office report has revealed today. To date, £344m in IT investment has been sunk into the programme, but just £125m of those assets are currently in use. The NAO revealed the department has written off a further £ …
Kat Hall, 26 Nov 2014

Facebook spurns privacy probe as 'routine audit'

Facebook's international headquarters are in Dublin, Ireland, where the company just so happens to face a regulatory probe into the handling of personal data on the social network. According to the RTE, the Irish data protection commissioner will carry out a privacy audit of the site in November. That's potentially a big deal, …
Kelly Fiveash, 30 Sep 2011

Are you an infosec bod? You must be STINKING RICH, says study

Jobs in the lucrative cyber-security sector can command salaries of $200,000 or more, according to a new salary survey. Lead software security engineers pull in an average of $233,333 while Chief Security Officer ($225,000) and Global Information Security Director ($200,000) also receive serious salaries. A new study of 2015 …
John Leyden, 12 May 2015

Confidential information exposed over 300 times in ICANN security snafu

Two months after claiming there was "no indication" that confidential information was exposed in a security cock-up, domain name overseer ICANN has admitted it happened on at least 330 occasions. Following an audit of its main customer portal, the organization confirmed what we reported at the start of March: that misconfigured …
Kieren McCarthy, 30 Apr 2015

China hacked US Army transport orgs TWENTY TIMES in ONE YEAR

Sophisticated Beijing-backed hackers raided civilian organisations responsible for the movements of US troops and equipment 20 times in one year, of which only two were detected by the responsible agency, an audit report has found. Contractors underneath the US Transportation Command (TRANSCOM) agency were hacked a total of 50 …
Darren Pauli, 18 Sep 2014

Mass break-in: researchers catch 22 more routers for the SOHOpeless list

Yet another disclosure tips 22 SOHO routers in the security bin, with everything from privilege escalation and authentication bypass to hard-coded credential backdoors. That disclosure – more than 60 vulnerabilities from big-name vendors including D-Link, Belkin, Huawei, Linksys, Netgear, Zyxel and Sagem – was made by Spanish …

Privacy watchdog ICO slashes its fines in half

The total value of fines issued by the UK Information Commissioner's Office has halved compared with last year – despite the watchdog receiving roughly the same number of complaints about data protection. In 2014/15, the ICO issued £1.1m in so-called civil monetary penalties, £386,000 of which were for companies behind nuisance …
Kat Hall, 02 Jul 2015

Another Insight exec spotted racing toward exit

Simon Taylor, EMEA senior veep of operations at cloud-wannabe reseller Insight Enterprises, is the latest big cheese to quit the firm with the regional chief finance exec Russell Leighton taking on dual responsibilities. The 14-year Insight veteran has left the building - staff were told of his departure yesterday afternoon …
Paul Kunert, 18 Jun 2015

Smart meters set to cost Blighty as much as replacing Trident

Smart meters will cost as much as the Trident nuclear deterrent to implement, with the full cost of the scheme rising to £19bn, according to a government report. Total lifetime costs of the programme have now risen by £2bn since 2013, according to a report by the Major Projects Authority. In contrast, the Trident replacement …
Kat Hall, 29 Jun 2015

Toshiba CEO and execs quit over $1.2bn six-year accounting scandal

Toshiba CEO Hisao Tanaka and seven other bigwigs have quit after a probe concluded profit figures had been inflated beyond their real values. The Japanese electronics giant said in a brief statement [PDF] today that $1.2bn (£770m, 151.8bn yen) was incorrectly added to Toshiba's income-before-tax figures in the 2008 to 2014 …
Shaun Nichols, 21 Jul 2015

Wales Audit Office boss sacked amidst laptop smut claims

Jeremy Colman, Auditor General for Wales, has resigned from his £170,000-a-year post after porn material was allegedly found on his laptop. In fact, the post is in the gift of the Queen, so his resignation has been forwarded on to her. The National Assembly is now looking for an interim successor. His laptop was seized, The …
John Oates, 04 Feb 2010

Unions call for strike action over 'unusable' Universal Credit IT

Trade union members have voted to strike over the deeply troubled Universal Credit IT project, citing an "increasingly oppressive working environment" and "unusable systems". Despite the project having been “re-set” and a new digital system introduced, a spokesman from the PCS trade union said that the systems are still not up …
Kat Hall, 07 Jul 2015

Ireland's data cops: Yes, we probed LinkedIn. Don't ask what we found

Ireland’s data protection authorities will not publish the results of an audit they carried out on digital CV site LinkedIn. Ciara O'Sullivan, spokeswoman for the Irish Data Protection Commissioner, said that the watchdog “owes a duty of confidentiality to organisations it investigates”. She added that it was up to the …
Jennifer Baker, 05 Nov 2014

Do svidaniya Roscosmos. By the way, any idea where that 92 BEEELLION rubles went?

Following the announcement that the Russian space agency, Roscosmos, managed to "lose" 92 billion rubles ($1.8bn) last year, it is set to be replaced by a state corporation during the second half of 2015. CNN Money reports that Tatyana Golikova, head of the Account Chamber of Russia (the national audit office) told the Russian …

Acer writes off $150m as audit finds 'abnormalities'

Acer CEO and Chairman JT Wang has relinquished his remuneration package including bonuses from 2010 after the firm unearthed "abnormalities" in channel inventory across EMEA that will cost it US $150m (£91m) to write off. The Taiwanese giant will also cut board directors' pay packages by 50 per cent, ask staff to take a 40 per …
Paul Kunert, 01 Jun 2011

WHOOPSIE! Vast US health insurer CareFirst plundered of 1.1 MEELLION records

More than 1.1 million user records have been compromised following a hack against US health insurer CareFirst BlueCross BlueShield. Data including members’ names, birth dates, email addresses and subscriber identification numbers may have been stolen by hackers as a result of a security breach last July. The hack was only …
John Leyden, 21 May 2015