Articles about Audit

OpenSSL audit kicks off for post-Heartbleed strengthening program

A major audit of the ubiquitous OpenSSL web security protocol is set to commence under a US$1.2 million industry commitment to harden open source technologies. OpenSSL is first off the rank under the Linux Foundation’s Core Infrastructure Initiative given its popularity and lack of in-depth security review. "OpenSSL has been …
Darren Pauli, 10 Mar 2015

Premera healthcare: US govt security audit gave hacked biz thumbs up

Serious doubt has been cast on the US government's data security regulations after Premera Blue Cross was declared secure by Uncle Sam – just months before the healthcare giant was ransacked for financial and medical information by hackers. The biz underwent a computer security audit by a federal watchdog in January 2014, was …
Iain Thomson, 23 Mar 2015

EU flings €1m at open source security audit wheeze

EU institutions have finally got the memo about it being a good idea to pinpoint and fix security vulnerabilities. Next year the European Parliament has allocated up to €1m for a project to audit free software programs in use at the European Commission (EC) and the EU Parliament in order to find and repair potential weaknesses …
Jennifer Baker, 23 Dec 2014

TrueCrypt audit: Probe's nearly all the way in ... no backdoor hit yet

The first phase of crowd-funded audit of TrueCrypt has turned up several vulnerabilities, but nothing particularly amiss and certainly nothing that looks like a backdoor. iSEC Partners, which was contracted to carry out the audit by the Open Crypto Audit Project (OCAP), found 11 vulnerabilities in the full disk and file …
John Leyden, 15 Apr 2014

Cries of spies as audit group finds possible 'backdoor' in Bittorrent Sync

Updated: BitTorrent responds. Popular file sharing platform BitTorrent Sync is 'probably' leaking hashes to its website and access to shared data, a group audit has found. The platform, downloaded some 10 million times, allowed users to synchronise data over networks using encrypted peer-to-peer at speeds said to be 16 times faster than Dropbox, using …
Darren Pauli, 18 Nov 2014

TrueCrypt audit project founder: 'We've set our sights high'

Interview: A TrueCrypt audit project has uncovered a well of technical support with its plans to publicly audit the widely used disk and file encryption utility for the first time. TrueCrypt is a widely used utility that encrypts and decrypts entire drives, partitions or files within a virtual disk. The tool can also hide volumes of data …
John Leyden, 18 Nov 2013

Crowdfunded audit of 'NSA-proof' encryption suite TrueCrypt is GO

A fundraising effort to pay for an independent, professional security audit of TrueCrypt, the popular disk encryption utility, has raised enough money to pay for an arguably long overdue audit of the security software. TrueCrypt is a widely used utility that encrypts and decrypts entire drives, partitions or files within a …
John Leyden, 06 Nov 2013

Horrors of murky TrueCrypt to be probed once more

The gears of the TrueCrypt audit have whirred into life overnight with boffins poised to again probe the open source crypto tool after nearly a year of waiting. A tiny team will fondle the tool's random number generators, cipher suites and key algorithms in a bid to pull the internet's favourite crypto suite out of the pariah …
Darren Pauli, 20 Feb 2015

Microsoft and Oracle are 'not your trusted friends', public sector bods

Software providers such as Microsoft and Oracle are aggressively targeting public sector customers with licence "audit reviews" in a bid to plug falling subscription revenue, according to research. Over one-third of the 436 councils surveyed across the UK have been subject to at least one software licence review in the last 20 …
Kat Hall, 27 Mar 2015

US watchdog: Anthem snubbed our security audits before and after enormous hack attack

A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant's computer security – but was rebuffed. And, after miscreants looted Anthem's servers and accessed up to 88.8 million private records, the watchdog again offered to audit …
Shaun Nichols, 05 Mar 2015

National Audit Office tears government's savings claims in HALF

The National Audit Office has questioned the Cabinet Office's weighty ICT savings claims and revealed it still does not know how many small biz suppliers are winning public sector contracts. Minister Francis Maude's merry band claims it saved taxpayers £702m on tech and comms spending in fiscal 2012 ended March - £354m through …
Paul Kunert, 23 Jan 2013

Lenovo CTO: Hey, look around – we're not the only ones with a crapware infection

On Friday Lenovo is going to tell the world about how it plans to regain the trust of its users in the wake of the Superfish clusterfuck – and may even launch an independent security audit of its products. "Our goal, in the end, is to make this right," Lenovo's CTO Peter Hortensius told The Register on Tuesday. "It's going to …
Iain Thomson, 25 Feb 2015
The Register breaking news

Security audit finds dev OUTSOURCED his JOB to China to goof off at work

A security audit of a US critical infrastructure company last year revealed that its star developer had outsourced his own job to a Chinese subcontractor and was spending all his work time playing around on the internet. The firm's telecommunications supplier Verizon was called in after the company set up a basic VPN system with …
Iain Thomson, 16 Jan 2013

VMware's tool to harden virtual networks: a spreadsheet

VMware has released a guide to hardening its NSX virtual networking and product. The guide published online by VMware information security professional Pravin Goyal, covers management, control and data planes. It recommends including audit logs and system events in backups, enabling and securing remote logging for the NSX …
Darren Pauli, 14 Oct 2014

ICO's data protection tentacles will penetrate NHS bodies

NHS bodies in the UK can now be forced to open themselves up to data protection audits under new powers handed to the Information Commissioner's Office (ICO). The watchdog told Out-Law.com that its audits regime follows a "participative approach" and that therefore it would first ask health bodies if they would voluntarily …
OUT-LAW.COM, 03 Feb 2015

Soz SMEs, we're not interested in your direct biz

Small biz suppliers received no more love from government procurement departments last year, with direct spend dipping by 0.1 per cent compared with 2012/13 to £4.5bn. Over the last two years, direct spend rose by just 0.3 per cent, according to government figures. In 2010 the government set a target for 25 per cent of all its …
Kat Hall, 25 Feb 2015

Scouts take down database due to 'security vulnerabilities'

The Scouts Association has taken down its Compass database, which holds the records of nearly half-a-million young people and adult volunteers, after discovering a "potential security vulnerability," The Register can reveal. In a letter seen by El Reg and addressed to members this morning, the association said the decision was …
Kat Hall, 28 Jan 2015

Child labour, lost wages uncloaked by Apple factories audit

Apple has for the first time released a complete list of its suppliers [PDF], publishing the names of 156 companies who make the parts for everything from Macbook screens to iPad covers. The list includes well-publicised contracts, such as Apple's mega deals with Samsung and LG, as well as more obscure deals with smaller …
Anna Leach, 16 Jan 2012

Ten years on, TEN PER CENT of retailers aren't obeying CAN-SPAM

One in 10 of the world’s largest online retailers are still violating the CAN-SPAM Act, a full 10 years after the US anti-spam legislation went into effect. The finding comes from an audit by the Online Trust Alliance (OTA), a non-profit with the mission to enhance online trust. They also found that 70 per cent of 200 online …
John Leyden, 18 Sep 2014

Universal Credit CRISIS: Up to £200m in IT spend WASTED – NAO

Around £219m in IT investments in the much-maligned Universal Credit programme may be written off, a National Audit Office report has revealed today. To date, £344m in IT investment has been sunk into the programme, but just £125m of those assets are currently in use. The NAO revealed the department has written off a further £ …
Kat Hall, 26 Nov 2014

China hacked US Army transport orgs TWENTY TIMES in ONE YEAR

Sophisticated Beijing-backed hackers raided civilian organisations responsible for the movements of US troops and equipment 20 times in one year of which only two were detected by the responsible agency, an audit report has found. Contractors underneath the US Transportation Command (TRANSCOM) agency were hacked a total of 50 …
Darren Pauli, 18 Sep 2014

Ireland's data cops: Yes, we probed LinkedIn. Don't ask what we found

Ireland’s data protection authorities will not publish the results of an audit they carried out on digital CV site LinkedIn. Ciara O'Sullivan, spokeswoman for the Irish Data Protection Commissioner, said that the watchdog “owes a duty of confidentiality to organisations it investigates”. She added that it was up to the …
Jennifer Baker, 05 Nov 2014

Facebook spurns privacy probe as 'routine audit'

Facebook's international headquarters are in Dublin, Ireland, where the company just so happens to face a regulatory probe into the handling of personal data on the social network. According to the RTE, the Irish data protection commissioner will carry out a privacy audit of the site in November. That's potentially a big deal, …
Kelly Fiveash, 30 Sep 2011

OpenSSL preps fix for mystery high severity hole

The OpenSSL Project will repair a "high severity" security hole in updates due Thursday. Information is thin on the ground. El Reg has asked OpenSSL for more details to help admins prepare for the patching. The hole will be patched as part of a series of fixes that will land on 19 March and apply to versions 1.0.2a, 1.0.1m, 1.0 …
Darren Pauli, 17 Mar 2015

ALL comp-sci courses will have compulsory infosec lessons – UK.gov

Cyber-security will appear on the UK curriculum from next year in a bid to get more kids into the industry, the government has announced. The topic will be a key part of UK computing and digital further education qualifications from September 2016, Cabinet Office minister Francis Maude said today. Its inclusion is part of a …
Kat Hall, 10 Mar 2015

IBM throws Twitter's firehose into the Bluemix

IBM has revealed one of the first things it plans to do with Twitter's firehose of data: let you point it at its cloudy Bluemix analytics service to find stuff out. Big Blue reckons its role is to help customers “apply social data to business decisions”. One scenario it advances for this kind of thing is analysis of Tweets from …
Simon Sharwood, 18 Mar 2015

ISO floats storage security standard

The International Standards Organisation reckons the world needs help securing its data, so has published a new storage security standard to cover it. Because The Register isn't about to shell out 198 Swiss Francs to read the whole thing, we're constrained in our ability to tell you exactly what it contains, but we note that the …

No one trusts Oracle, shrieks CCL as cloudy ball misses its goals

Oracle’s cloud growth hinges on overcoming “deep-rooted mistrust” of its core customer base. That’s according to software-licensing pressure group, the Campaign for Clear Licensing. “If Oracle does not address these concerns then the company’s ability to meet its stated $1bn cloud sales target next year, together with the …
Gavin Clarke, 06 Jan 2015

Barracuda CEO snaps up post on Nimble board

Barracuda’s CEO, “BJ” Jenkins, has joined hybrid disk array leader Nimble Storage’s board. Doesn’t the day job fill his time? He’s also Barracuda’s president, as if he’s not busy enough. A canned quote from him on his move said: "It's an exciting time to be in the storage business as innovation thrives and new industry leaders …
Chris Mellor, 13 Mar 2015

What do China, FBI and UK have in common? All three want backdoors in Western technology

The Chinese government wants backdoors added to all technology imported into the Middle Kingdom as well as all its source code handed over. Suppliers of hardware and software must also submit to invasive audits, the New York Times reports. The new requirements, detailed in a 22-page document approved late last year, are …
John Leyden, 29 Jan 2015

Microsoft & Paypal link hands, turn round and slap Apple Pay

Microsoft will start supporting PayPal’s "PayPal Here" hardware, so people can buy things with their mobile phones. The partnership, which is only for the US initially, will allow retailers to use a Lumia or Surface to take payments through PayPal. The idea is that they will then want to use Microsoft products rather than …
Simon Rockman, 16 Jan 2015

More suppliers join flagging GOV.UK Verify ID assurance scheme

In an attempt to inject some life into its ailing GOV.UK Verify identity assurance scheme, the government has today broadened the range of suppliers on the programme's framework. The scheme is intended to act as an identity assurance "marketplace", allowing users to choose from a range of identity providers to authenticate …
Kat Hall, 25 Mar 2015

Oracle users open can of whup-ass on licensing policies

Businesses view relations with Oracle as “hostile” and are “filled with deep-rooted mistrust”, according to a six month end-user survey on software compliance conducted by the Campaign for Clear Licensing (CCL). The not-for-profit organ probed (PDF) 100 hard-pressed IT and software asset managers, licensing specialists and tech …
Paul Kunert, 03 Nov 2014

Universal Credit could take 10 YEARS to finish, says Labour MP

The government's disastrous £700m Universal Credit programme could take up to 10 years to complete, Labour MP Stephen Timms informed El Reg on Thursday. "I've been reliably told by someone formerly working on the programme that it will take ten years to complete. Based on the evidence, I have no reason not to believe that time- …
Kat Hall, 13 Mar 2015

SCC bags universal credit hosting contract

Reseller and IT services outfit SCC has won a two-year hosting deal for the Department for Work and Pensions' (DWP) troubled universal credit programme for a sum worth "over six figures". The deal was awarded through the G-Cloud and is part of the DWP's next "digital service" phase of the programme, which is currently being …
Kat Hall, 27 Feb 2015

Acer writes off $150m as audit finds 'abnormalities'

Acer CEO and Chairman JT Wang has relinquished his remuneration package including bonuses from 2010 after the firm unearthed "abnormalities" in channel inventory across EMEA that will cost it US $150m (£91m) to write off. The Taiwanese giant will also cut board directors' pay packages by 50 per cent, ask staff to take a 40 per …
Paul Kunert, 01 Jun 2011

Wales Audit Office boss sacked amidst laptop smut claims

Jeremy Colman, Auditor General for Wales has resigned from his £170,000 a year post after porn material was allegedly found on his laptop. In fact, the post is in the gift of the Queen, so his resignation has been forwarded on to her. The National Assembly is now looking for an interim successor. His laptop was seized, The …
John Oates, 04 Feb 2010

Court recording biz with clients EVERYWHERE has forums breached

Australian court transcription company "For The Record" – which bills itself as "The No.1 digital evidence recording platform in the world" and says its products are "used in courtrooms throughout North America, Europe and Asia" – has had its forum hacked. The firm is used by the likes of the Victorian and NSW Supreme courts to …
Darren Pauli, 27 Mar 2015

Gov departments still splashing BILLIONS on big-ticket IT projects

Big Whitehall departments got the green light to splash more than a billion pounds on IT projects last year, data analysis by The Register can reveal. A total of £1.4bn was handed out to the six largest government departments according to their spend exemption data, which is made available as part of the government's commitment …
Kat Hall, 10 Mar 2015

EU governments are CRAP at cloud, moans Brussels' infosec watchdog

European governments haven’t got a clue how to implement cloud services. So say the EU's own cybersecurity experts. ENISA (the European Network and Information Security Agency) has released a report on the adoption of something it calls “Gov Cloud”, defined as “a deployment model to build and deliver services to state agencies ( …
Jennifer Baker, 28 Feb 2015

AWS: Wanna join our MSP club? The bar is high, says UK boss

Managed Services Providers - still the most sought after of all channel partner types - can now jump through some hoops to scoop a badge of certification from Amazon Web Services. The infrastructure services firm is formalising relations with MSPs via an extension to its programme in a bid to sort the wheat from the chaff. “ …
Paul Kunert, 12 Dec 2014

Put those smartphones away: Google adds anti-copying measures to Drive for Work

Google has rolled out five new functions aimed at beefing up the security, administration and sharing features of its Drive for Work cloud business suite and the equivalent education package. "Since we launched Drive for Work 9 months ago, we've watched as more and more businesses moved to the cloud - and seen …
Iain Thomson, 31 Mar 2015

Abuse of health data deserves JAIL, thunders ethics body

Health authorities must consider the moral issues of collecting and linking data in projects such as the controversial Care.data scheme, an independent medical ethics body has warned. A report from the Nuffield Council on Bioethics singled out recent health initiatives such as Care.data as raising ethical questions surrounding …
Kat Hall, 03 Feb 2015

Labour vows: We'll pause one-dole-to-rule-them-all for drastic fix-up if elected in 2015

The Labour Party has promised to put the brakes on the deeply troubled Universal Credit system for three months if it gets into government next year. During that time, shadow work and pensions minister Rachel Reeves said that Labour would urge the National Audit Office to conduct a review of the lumpen welfare reform programme. …
Kelly Fiveash, 24 Jun 2014

Google's elves work on Santa to rein(deer) in grinchware

Google's elves have been busy working on a toy for all the girls and boys who run Mac OS and worry about getting a virus. “Santa” is billed as “a binary whitelisting/blacklisting system for Mac OS X”, can be found on GitHub and “keeps track of binaries that are naughty and nice.” Nice binaries get to run. Naughty binaries get a …
Simon Sharwood, 25 Nov 2014

Optus must hire checkbox champion after epic router, voicemail borking

Optus has escaped a financial penalty imposed by Australia's privacy boss and instead must review its internal security measures after it shipped hundreds of thousands of routers with open internet ports and default credentials, opened voice mails, and marked public scores of private phone numbers. The order billed as an ' …
Darren Pauli, 27 Mar 2015

TrueCrypt hooked to life support in Switzerland: 'It must not die' say pair

Two programmers hope to resurrect development of disk-encryption tool TrueCrypt after its original developers quit the project. The official TrueCrypt.org website abruptly shut up shop last week ostensibly because its secretive maintainers felt they could no longer keep the software secure. They blamed the Microsoft's …
John Leyden, 04 Jun 2014

Mad Frankie Maude hangs up his axe

Axe-wielder-in-chief and Cabinet Office minister Francis Maude is to hang up his blade after the next election. Since first swinging into power in 2010 Maude has pledged war on the supplier "oligopoly", which have traditionally dominated Whitehall IT spend, placed a moratorium on IT contracts over £100m, overseen the creation of …
Kat Hall, 02 Feb 2015

US Social Security 'wasted $300 million on an IT BOONDOGGLE'

Members of the US Congress are demanding answers from the Social Security Administration (SSA) over an ongoing IT project that has racked up a $288m bill without deploying a field-ready product. A trio of representatives from the House Oversight Committee said in a letter to the SSA that they had "serious problems" with the way …
Shaun Nichols, 24 Jul 2014

SHOCK HORROR: Oz's biggest govt agencies to miss infosec deadline

Australia's largest government agencies will miss a July deadline to implement even basic information security controls. The Australian National Audit Office's (ANAO's) annual report says that the country's biggest government agencies won't deploy Defence-issued controls to implement fast patching and organisation-wide …
Darren Pauli, 25 Jun 2014