Articles about Audit

BOFH: Elf of Safety? Orc of Admin. Pleased to meet you

Episode 2 There's a small-scale war going on between me, the PFY and the folk in Health and Safety. Now your normal, run-of-the-mill person would rather perform a root canal on themselves with a hammer action drill than take on a Health and Safety role in any organisation. The position itself has all the prestige of an unflushed turd …
Simon Travaglia, 24 Feb 2017

US 'security' biz trio Sentinel Labs, Vir2us, SpyChatter accused of lying about certification

Three US companies have settled with the FTC after they were accused of lying about the security safeguards on their customer information. Sentinel Labs, SpyChatter, and Vir2us have all agreed to adhere to the US trade regulator's settlement terms after they were formally charged with falsely claiming certification with the …
Shaun Nichols, 23 Feb 2017

Different judge, different verdict? Diageo's £54m SAP legal slap could have gone another way

If you use software licensed by SAP, you had better read your licence. If you have not yet acquired SAP software, you should make sure you use an experienced IT licensing lawyer before contracting. If you agree to SAP’s standard licence terms and use the software in a way not expressly permitted by the licence, it could cost …
Barry Sookman, 23 Feb 2017

Ditching your call centre for an app? Be careful not to get SAP-slapped

SAP has scored what threatens to be a pyrrhic victory in court against one of its own customers. A British court sided with the software giant in a case that threatens to drastically increase the amount of money customers must pay it. A judge ruled that SAP's named-user licensing fees must cover any and all software that …
Gavin Clarke, 20 Feb 2017

Watson can't cure cancer ... or all the stuff that breaks IT projects

A University of Texas audit report last week tipped a bucket on the conduct of a high-profile “Watson to cure cancer” project. The University has criticised the MD Anderson Cancer Center's “Oncology Expert Advisor (OEA) Project”, which since 2014 has poured tens of millions into seeing if IBM's Watson was smart enough to beat …

Data centre locations: In the city or up the country?

Promo The obvious difference between using a data centre in the city centre compared to the country is cost, but other factors such as proximity to fibre connections, accessibility, security and just plain convenience, might well lure you back to the centre. Let’s help you decide whether you’d prefer your infrastructure to be uptown, …
David Gordon, 16 Feb 2017

Rasputin whips out large intimidating tool, penetrates uni, city, govt databases – new claim

A Russian-speaking miscreant dubbed "Rasputin," who potentially hacked into the US Election Assistance Commission and sold access to its systems, has struck again, it is claimed. Rasputin has allegedly infiltrated database servers within 60 organizations, US government agencies, and international universities. These victims …
John Leyden, 15 Feb 2017

Inside Confide, the chat app 'secretly used by Trump aides': OpenPGP, OpenSSL, and more

Rumors that President Donald Trump's aides are using an encrypted messaging app called Confide have landed the software firmly in the spotlight – and under the security microscope. The Washington Post on Monday mentioned that Confide, built by a startup in New York City, is used by some White House staffers to gossip in private …
Shaun Nichols, 15 Feb 2017

A spanner in the works: Google's cloud database hits beta, gets prices

Google's close to plugging a long-standing gap in its public cloud, with its Cloud Spanner distributed relational database hitting public beta. In January, we noted that Cloud Spanner, first detailed in a 2012 white paper, had landed as alpha in 2014 but was yet to become a commercial offering. The beta announced February 14 …

Brought to you by UK.gov: 'Most ambitious programme of change of any government anywhere in the world'

Cabinet Office minister Ben Gummer has today unveiled the government’s long-delayed digital strategy, calling it "the most ambitious programme of change of any government anywhere in the world”. He was speaking at think-tank Reform's annual conference. The Government Transformation Strategy was intended to be launched at the …
Kat Hall, 09 Feb 2017

Police drones, robo surgeons and chatbot civil servants. What could go wrong?

A think tank is calling for hundreds of thousands of UK public sector jobs to be automated. Blighty should also take a look at using drones for policing, apparently. The report, Work in progress. Towards a leaner, smarter public-sector workforce [PDF], by centre-right wonkers Reform reckons up to 250,000 state employees in …
Kat Hall, 06 Feb 2017

UK.gov slammed by Parliamentary types for 'dysfunctional' infosec

A scathing parliamentary report into UK.gov’s infosec practices has called for the government to step up its efforts to protect Britain from cyber attacks in the face of today’s “chaotic” practices. The criticism is published today in the Public Accounts Committee’s report on Protecting Information Across Government, which …

Fused box: Look who's containerizing storage, security and apps

Comment Containerized apps will gravitate to using containerized system services such as storage and security. In the DevOps world, containerized apps run inside hosts, and system services such as security and storage are containerized as well. Outside that ideal world, these services are often linked to containers by some interface …
Chris Mellor, 03 Feb 2017

Another Schneider vuln: Plaintext passwords on client-side RAM resolved

Schneider Electric has issued a patch for its StruxureWare Data Center Expert industrial control kit following the discovery of a flaw that could allow remote access to unencrypted passwords. The product is designed to monitor physical infrastructure at data centres handling everything from cooling to backup generators. The …
John Leyden, 02 Feb 2017

Fear not, Europe's Privacy Shield is Trump-proof – ex-FTC bigwig

The transatlantic Privacy Shield data transfer agreement is not at risk from Trump's executive actions, former FTC Commissioner Julie Brill has promised. In an article on her law firm's blog, Brill notes that the recent executive order (EO) from the Oval Office, which expressly limited privacy rights to US citizens only, does …
Kieren McCarthy, 01 Feb 2017

National Audit Office: UK's military is buying more than it can afford

Military kit costs are going to skyrocket, according to the National Audit Office, which claims the Ministry of Defence now needs to slash an extra £5.8bn from its budget over the next 10 years. “The affordability of the Equipment Plan is at greater risk than at any time since its inception,” intoned Sir Amyas Morse, the head …
Gareth Corfield, 27 Jan 2017

Oracle grasses up Google to Brussels over user 'super profiles'

The European Commission has confirmed that it will probe competition concerns over Google's decision to allow personal user data in its silos to co-mingle, to create "super profiles". Until last June, Google explicitly stated that behavioural data from its giant DoubleClick ad network would not be merged with a user's Google …
Andrew Orlowski, 25 Jan 2017

Emergency Services Network to be hit by delays, warn MPs

Hugely ambitious plans to replace the radio system used by the emergency services need more testing and are likely to face delays, the Public Accounts Committee has warned today. The £2.9bn Airwave contract, which dates from 2000, will be switched off at the end of 2019 and replaced by the 4G Emergency Services Network (ESN) …
Kat Hall, 25 Jan 2017

UK.gov still drowning in legacy tech because no one's boarding Blighty's £700m data centre Ark

Analysis Only in IT is “legacy” a pejorative term, where it is used to condemn ageing systems and forgotten workarounds. In the UK government, as with banks, increasingly difficult-to-maintain mission-critical systems are a huge problem. Not least because of the dwindling number of folk who remember how the damn things work. One …
Kat Hall, 23 Jan 2017

UK.gov departments are each clinging on to 100 terabytes of legacy data

Some Whitehall departments are saddled with more than 100 terabytes of legacy data, and are wasting time recreating old work at a cost of £500m per year, according to a Cabinet Office report. The Better Information for Better Government report [PDF] said good information governance is critical for effective government. …
Kat Hall, 18 Jan 2017

Did somebody say object storage? 9 ways to tell if there's a point

Comment Object storage is a relatively new market segment that has continued to grow steadily and is starting to find more reasons for adoption. For the uninitiated, object stores are used to hold large volumes of unstructured data, where each "object" is essentially a file with no specific format (also called a binary file). Object …
Chris Evans, 18 Jan 2017

Dovecot mailserver graded 'nearly impenetrable'

POP and IMAP mailserver suite Dovecot has passed an extensive audit by hackers, who were able to find only three minor vulnerabilities. Dovecot is especially popular with service providers, so the news that four Cure53 researchers have given it a "thoroughly all-encompassing" audit and found the software to have "excellent …
Darren Pauli, 17 Jan 2017

DataGravity moves away from arrays to become a virtualised data guardian

Analysis Startup DataGravity laid off staff in February last year and subsequently pivoted away from building and selling its Discovery Series array line to building a shipping virtual appliance using its Discovery Series array software as a basis. DataGravity for Virtualisation (DGfV) runs as a virtual machine and operates in vSphere …
Chris Mellor, 16 Jan 2017

Calls for UK.gov's tax digitisation plans to be put on the back burner

The UK government's tax digitisation plan could be delayed by at least a year after the Treasury Committee exposed "serious shortcomings" with the programme. In 2015 Her Majesty's Revenue & Customs (HMRC) was awarded £1.3bn of digital investment over four years, which it said would yield £1bn in extra tax revenue after 2020 by …
Kat Hall, 16 Jan 2017

Thanks, Obama: NSA to stream raw intelligence into FBI, DEA and pals

A last-minute rule change signed off by the outgoing Obama administration has made it much easier for the NSA to share raw surveillance data with more than a dozen government agencies. The changes [PDF] are tacked onto executive order 12333, which was enacted by then-President Ronald Reagan to allow intelligence agencies to …
Iain Thomson, 12 Jan 2017

IBM: Hm, medical record security... security... Got it – we need blockchains

IBM says it will partner with the US Food and Drug Administration (FDA) on a study of whether blockchain technology could be used to securely transfer medical information. Big Blue says that its Watson Health unit will work with the FDA on a study aimed at pitching a framework for the use of blockchain technologies to make the …
Shaun Nichols, 12 Jan 2017

Google Cloud unlocks key achievement

Google on Wednesday introduced its Cloud Key Management Service in beta to help Google Cloud Platform customers deal with their encryption keys. "Cloud KMS offers a cloud-based root of trust that you can monitor and audit," said product manager Maya Kaczorowski in a blog post. "As an alternative to custom-built or ad-hoc key …
Thomas Claburn, 12 Jan 2017

How do file store-and-share firms avoid that sinking syncing feeling?

Interview With the demise of Bitcasa, EMC selling off Syncplicity, and so forth, the enterprise file sync and share market might appear moribund. What’s happened is a trend of consolidation plus an addition of functionality for other content functions. EFSS on its own is no longer viable. That’s the underlying message we received from …
Chris Mellor, 11 Jan 2017

Google gives up YOUR private data to US govt – but won't hand over its OWN staff personal info

The US Department of Labor is suing Google for details of its staff's wages – though the Chocolate Factory claims it's bending over backwards to comply with the bureaucrats' demands. This is the same advertising giant that loves keeping tabs on hundreds of millions of netizens, and coughs up people's private information to …
Iain Thomson, 05 Jan 2017

Capita is STILL the BIGGEST tech services supplier to UK.gov

Despite all the mini fires burning at beleaguered Capita, the much maligned outsourcing giant remained the UK's biggest public sector tech services supplier in 2016 as revenues swelled to £1.9bn. An annual report by analyst TechMarketView found the firm that everyone loves to hate increased top line sales 5 per cent year-on- …
Kat Hall, 22 Dec 2016

Wassenaar weapons pact talks collapse leaving software exploit exports in limbo

Security researchers face continued uncertainty after talks broke down between US negotiators and 40 other countries over the state of exploit exports. The negotiations concern the Wassenaar Arrangement, an arms-control pact in which members agree to limit the export of certain types of weaponry and "dual-use products." …
Iain Thomson, 21 Dec 2016

HMRC IT cockup misses nearly 1m Scottish taxpayers for devo PAYE letters

Plans to raise income tax paid by Scottish earners have got off to a rocky start, after a database scan failed to identify 420,000 people who should be paying tax. The UK's National Audit Office found that a selection error meant that HMRC overlooked nearly one million residents in Scotland whose addresses were not already …
Kat Hall, 20 Dec 2016

Oracle finally targets Java non-payers – six years after plucking Sun

Oracle is massively ramping up audits of Java customers it claims are in breach of its licences – six years after it bought Sun Microsystems. A growing number of Oracle customers and partners have been approached by Larry Ellison’s firm, which claims they are out of compliance on Java. Oracle bought Java with Sun Microsystems …
Gavin Clarke, 16 Dec 2016

Dear hackers, Ubuntu's app crash reporter will happily execute your evil code on a victim's box

Users and administrators of Ubuntu Linux desktops are being advised to patch their systems following the disclosure of serious security flaws. Researcher Donncha O'Cearbhaill, who discovered and privately reported the vulnerabilities to the Ubuntu team, said that a successful exploit of the bugs could allow an attacker to …
Shaun Nichols, 15 Dec 2016

Security! experts! slam! Yahoo! management! for! using! old! crypto!

Analysis Fallen web giant Yahoo! has been branded negligent for failing to tackle the prodigious challenge of upgrading its MD5 password hashing before some one billion accounts were stolen. The security-battered organisation revealed today that attackers had stolen more than a billion accounts in August 2013 in history's biggest …
Darren Pauli, 15 Dec 2016

Well, well. Auditors say UK govt procurement body hasn't saved your tax cash

The UK government's procurement arm, the Crown Commercial Service, has failed to save taxpayers' cash – according to the National Audit Office. CCS is responsible for funnelling billions of pounds of IT spend through large framework contracts, a practice which tends to favour larger suppliers. It was responsible for £12.8bn in …
Kat Hall, 13 Dec 2016

Shared services centres flop: Only one UK.gov department uses them

The government's plan to move all of Whitehall's back office IT into shared services centres has been such a flop, all but one department has pulled out of the scheme, according to the National Audit Office. The shared services centres, run separately by IT provider Arvato and French outsourcer Sopra Steria, were set up in …
Kat Hall, 08 Dec 2016

Stealing, scamming, bluffing: El Reg rides along with pen-testing 'red team hackers'

Feature "Go to this McDonald's," Chris Gatford told me. "There's a 'Create Your Taste' burger-builder PC there and you should be able to access the OS. Find that machine, open the command prompt and pretend to do something important. "I'll be watching you." Gatford instructed your reporter to visit the burger barn because he …
Darren Pauli, 08 Dec 2016

Santa says you've been nice kids: OpenVPN to get security audit

Johns Hopkins University crypto professor Dr Matthew Green is to lead a security audit of OpenVPN 2.4. The open source VPN project, published at GitHub, has been compiled for everything from Solaris to Windows, passing various Linux and BSD distributions along the way (including OSX); Windows and Android (and jailbroken iOSs …

Printer security is so bad HP Inc will sell you services to fix it

Printer security is so awful HP Inc is willing to shut off shiny features and throw its own dedicated bodies at the perennial problem. The tech giant is offering the professional security services under its new and far-harder-than-before "Secure Managed Print Services" offering unveiled today. Security types will also provide …
Team Register, 06 Dec 2016

AWS hops aboard Internet of Things bandwagon

Amazon has jumped aboard the Internet of Things bandwagon, offering to certify its APN Partners as "Amazon IoT Competency Partners", it announced at its AWS re:Invent conference. "To become an AWS IoT Competency Partner, you must meet a number of requirements, such as providing use case-specific public customer references, and …
Gareth Corfield, 30 Nov 2016

Sharing's caring? Not when you spread data across gov willy-nilly

Digital Economy Bill Privacy campaigners and academics have called for the removal of personal data sharing proposals in the forthcoming Digital Economy Bill. The Bill puts government ministers in control of citizens' personal data, "a significant change in the relationship between citizen and state," wrote 26 signatories in a letter to The …
Kat Hall, 25 Nov 2016

Mozilla hackers audit cURL file transfer toolkit, give it a tick for security

Mozilla has given the widely-used cURL file transfer library a thumbs up in a security audit report that uncovered nine vulnerabilities. Of those found in the free security review were four high severity vulnerabilities leading to potential remote code execution, and the same number of medium risk bugs. One low risk man-in-the …
Darren Pauli, 25 Nov 2016

CompSci Prof raises ballot hacking fears over strange pro-Trump voting patterns

Donald Trump's surprise win in the United States' presidential election could conceivably be attributed to illegal hacking and needs to be investigated, according to a security expert. A statistical analysis by J Alex Halderman, professor of computer science at the University of Michigan's Center for Computer Security and …
Iain Thomson, 24 Nov 2016

Google DeepMind inks 5-year agreement with NHS for 'Streams' app

DeepMind Health, the healthcare arm of the artificial intelligence business owned by Google, has signed a deal with the Royal Free London NHS Foundation Trust to provide an app called Streams. The deal, which establishes a five-year partnership between the organisations, builds on DeepMind Health's pilot project with the Trust …

Emergency services 4G by 2020? And monkeys could fly out of my butt

Users of the UK government's plans to shove the emergency services on to a 4G network by March 2020 are sceptical about the programme's timetable. Perhaps somewhat unsurprisingly, since a scheme of this scale has never before been tried anywhere else in the world. The Emergency Services Network (ESN) – set to replace the Tetra …
Kat Hall, 17 Nov 2016

Dropbox upgrade adds nice bits for sysadmins

Sysadmins need a "nice" user experience, and Daniel Iversen, head of solution architects for Dropbox Asia Pacific, told The Register that was in mind when the company pushed out a bunch of new admin capabilities. In other words: this is “not about a feature race”, he said, rather a more deliberate – and staged – upgrade …

'Trust it': Results of Signal's first formal crypto analysis are in

Encrypted SMS and voice app Signal has passed a security audit with flying colours. As explained in a paper titled A Formal Security Analysis of the Signal Messaging Protocol [PDF], published by the International Association for Cryptologic Research, Signal has no discernible flaws and offers a well-designed and compromise- …
Darren Pauli, 08 Nov 2016

Capita STILL hasn't delivered usable Army recruitment IT system

Infamous IT bungler Capita still hasn't delivered usable ICT systems for British Army recruitment, despite signing the contract to do so five years ago, it emerged in Parliament on Tuesday. Crapita Capita has a contract with the Ministry of Defence, the Recruitment Partnering Project, which was signed for £1.3bn in 2012 to …
Gareth Corfield, 02 Nov 2016

Apcera pitches escape from IT hamster wheel

Apcera, a San Francisco-based maker of container management software, on Tuesday plans to update the Apcera Platform with capabilities to help enterprises deal with containers more effectively. Apcera's software allows companies to deploy and manage cloud-native and legacy applications using on-premises, hybrid, or cloud …
Thomas Claburn, 01 Nov 2016