Articles about Audit


Three million debit cards at risk after hackers raid Indian payment systems

A suspected security breach has led banks in India to warn 3.25 million customers to replace their debit cards or change the PINs. National Payments Corporation of India (NPCI), the umbrella organization for the nation's retail IT systems, said customers at 19 banks were affected. We're told 641 people have been defrauded – …
Iain Thomson, 20 Oct 2016

Buck up, You need to get a grip on failing shared services centres - PAC

MPs have urged the Cabinet Office to get a grip on its embarrassing efforts to consolidate departments' back offices into two privately owned shared services centres. Moves to shift departments' back office servers and ERP systems were announced to much fanfare four years ago - but have yet to save the government any cash …
Kat Hall, 19 Oct 2016

You work so hard on coding improvements... and it's all undone by a buggy component

Nearly all (97 per cent) of Java applications contain at least one component with a known vulnerability, according to a new study by app security firm Veracode. Veracode reports year-over-year improvements in the code organisations write, a positive finding somewhat undone by the increasing proliferation of risk from open …
John Leyden, 18 Oct 2016

Audit sees VeraCrypt kill critical password recovery, cipher flaws

Security researchers have found eight critical, three medium, and 15 low-severity vulnerabilities in a one month audit of popular encryption platform VeraCrypt. The audit is the latest in a series prompted by the shock abandoning of TrueCrypt in May 2014 due to unspecified security concerns claimed by the hitherto trusted …
Darren Pauli, 18 Oct 2016

The IRS spaffed $12m on Office 365 subscription IT NEVER USED

A report on spending from the office of the US Treasury Inspector General for Tax Administration (TIGTA) claims that between June 2015 and June 2016, the tax collectors paid $12m for subscriptions on Microsoft Office 365 and Exchange Online that were never used. The TIGTA report [PDF] found that in 2014, the IRS kicked off a …
Shaun Nichols, 14 Oct 2016

You've been hacked. What are you liable for?

Hacking is big news and we’re all susceptible. In the UK, hackers could face jail time under the Computer Misuse Act, but the question on many businesses’ minds will be where the liability lies if they are hacked. The list of successful mega breaches continues to grow; extra-marital affairs site Ashley Madison hit the …
Frank Jennings, 14 Oct 2016

S&M Cloud's IBM hookup

Spanish cloud provider S&M Cloud has integrated SME's Private Enterprise File Share and Sync Fabric with IBM's SoftLayer cloud object storage. S&M Cloud is one of IBM's SoftLayer partners in Spain. SME is UK-based Storage Made Easy. They claim the joint SoftLayer + SME offering means customers can manage corporate …
Chris Mellor, 13 Oct 2016

Understand your data and make good decisions

Promo Data, data everywhere and not an insight in sight. Tableau, the business intelligence and analytics software firm, is on a mission to help you see and understand your data and enable you to make informed, fast decisions. Tableau uses its own software every day throughout the business and wants to show you how it does this in " …
David Gordon, 11 Oct 2016

Heads roll as Qihoo 360 moves to end WoSign, StartCom certificate row

After being pinged by Mozilla for issuing backdated SHA-1 certificates, Chinese certificate authority WoSign's owner has put the cleaners through the management of WoSign and StartCom. Mozilla put WoSign and StartCom on notice at the end of September. As part of its response, the company has posted around 200,000 certificates …

Secure cloud doesn’t always mean your stuff in it is secure too

IPExpo “Picking a secure cloud partner is not as trivial as it may seem. Don't assume that because the cloud is secure, your business within the cloud is secure,” Unisys’ chief trust officer Tom Patterson said today. Alongside Patterson and giving a joint keynote speech about lowering costs and risks in the cloud this morning was AWS …
Gareth Corfield, 06 Oct 2016

Citizens don't trust UK.GOV with their data

UK citizens have little faith in the government's ability to securely handle their private data - according to a wide-ranging survey which echoes findings by the National Audit Office. Just 22 per cent believed that the government has appropriate means to stop cyber-attacks and identity breaches, according to 1,500 citizens …
Kat Hall, 06 Oct 2016

How does a hybrid infrastructure fit my accreditations?

Security-related certifications such as ISO 27001 and, more particularly, the Payment Card Industry Data Security Standard (PCI-DSS), have stringent requirements regarding the controls on infrastructure, how data is routed and stored around it, and so on. Particularly in the cloud components of a hybrid setup, the control you …
Dave Cartwright, 06 Oct 2016

CloudFlare shows Tor users the way out of CAPTCHA hell

CloudFlare has backed up its promise to get rid of the CAPTCHAs that Tor users complain discriminate against them. The content distribution network's (CDN's) hated CAPTCHAs make browsing an unhappy experience for Tor users by offering rather too many challenges. Worse yet, they drop a cookie on validated users' browsers and …

Australia's e-Senate vote count: a good start but needs improvement

An international group of security, encryption, and electoral academics believe Australia's Senate voting software needs an audit. The group, including researchers from MIT, UC Berkeley, and the University of Melbourne, took a look (PDF) at the Australian Electoral Commission's (AEC's) implementation of electronic counting for …

Avoid the dreaded auditor's smirk: Smart policies and procedures for the hybrid cloud

When you get to a certain age, and you've been in the IT industry for enough years, you start to get an idea of what auditors are looking for when they descend on you and ask you pointed questions about your systems. And I don't just mean security auditors: if your company has an annual financial audit the team which comes to …
Dave Cartwright, 04 Oct 2016

Dirty diesel backups will make Hinkley Point C look like a bargain

Britain signed off on the most costly energy deal it has ever made this week – but the price we agreed for energy from Hinkley is still lower than the peak prices that will hit British wallets even harder, and sooner. Current commitments to renewable generation will cost each household £466 by 2020/21, the centre-right think …
Andrew Orlowski, 30 Sep 2016

VESK coughs up £18k in ransomware attack

Exclusive Hosted desktop and cloud provider VESK is staggering back to its feet after paying 29 Bitcoins (£18,600) in a ransomware attack earlier this week. VESK became aware that one of its environments had been impacted by a ransomware virus on Monday (26 September) at 3am. This virus was a new strain of the Samas DR ransomware, …
Kat Hall, 29 Sep 2016

Internet of Things security? Start with who owns the data

“Defence is only as strong as the weakest link,” said Tim Phipps of Solarflare at today’s Cambridge Wireless event on security within the Internet of Things. Today's Cambridge Wireless event was part of its Special Interest Group focusing on security and defence. In particular, on securing and defending the Internet of Things …
Gareth Corfield, 28 Sep 2016

is doing sod all to break £20bn of locked-in IT contracts

Analysis If IT wasn't perceived to be such a boring topic by Joe Public, the amount the government still spends on expensive clunky technology would be viewed as a national scandal. Across the entire public sector the annual figure has been pegged at around £20bn. No one knows for sure. As long as Whitehall's money is locked into …
Kat Hall, 28 Sep 2016

Sysadmin gets 5 years for slurping contractor payments to employer

A 49-year-old IT bloke from Essex has been sentenced to five years' imprisonment on two counts of fraud after his cunning plan to steal £450,000 from his employer was uncovered... almost immediately. Adeshola Dada, of Watts Crescent, Purfleet, Essex, was employed in the IT department of Genesis Housing Association, where he …

Woo hoo, has unveiled yet another tech creche – for infosec

Plans are afoot in Westminster to burn even more taxpayers' cash by launching a new cyber-security startup accelerator in Cheltenham. The accelerator will be the umpteenth vehicle for funnelling money to muppets since the coalition government came to power. Other accelerators have included a military technology free-money …

Microsoft lets Beijing fondle its bits in new source code audit hub

Microsoft has opened a technology centre in China to reassure Beijing it does not have backdoors in its software. The so-called Transparency Centre is the third Redmond has opened to reassure governments that Microsoft's wares are secure. Redmond's trustworthy computing corporate veep Scott Charney says the centre will allow …
Darren Pauli, 20 Sep 2016

Spoiler alert: What Oracle is going to announce today

OpenWorld It's that time of the year again. Oracle's OpenWorld is in San Francisco. Supremo Larry Ellison has given his Sunday keynote. Here's a summary of what the database giant is going to reveal today in easily digestible chunks. And, yeah, warning: everything is now cloud. Anything you'd call an application or a software service is …
Chris Williams, 19 Sep 2016

oughta get its data-sharing house in order before Digital Economy Bill plans

Analysis The government has a funny notion of how to tackle failure. When it comes to contracts, suppliers that have routinely messed up are handed more deals. When it comes to policy, approaches that have proved unsuccessful get dusted off and pushed with renewed vigour. The author who wrote "the definition of insanity is doing the …
Kat Hall, 19 Sep 2016

National Cyber Security Centre to shift UK to 'active' defence

The head of the UK’s new National Cyber Security Centre (NCSC) has detailed plans to move the UK to "active cyber-defence", to better protect government networks and improve the UK’s overall security. The strategy update by NCSC chief exec Ciaran Martin comes just weeks before the new centre is due to open next month and days …
John Leyden, 16 Sep 2016

'Inherent risk' to untried and untested 4G emergency services network – NAO

Plans for a new 4G emergency services network (ESN) to be used in life and death situations by the blue light services have been dubbed as "high risk," in a report from the National Audit Office today. The ESN will replace the expensive Airwave radio system used by the police, fire and ambulance services. It is expected to …
Kat Hall, 15 Sep 2016

So, Gov.UK infosec in 2015. 'Chaotic'. Cost £300m. NINE THOUSAND data breaches...

The Cabinet Office is failing to coordinate the UK's government departments' efforts to protect their information according to a damning report by the National Audit Office. The NAO found that the Cabinet Office failed in its duty and ambition to coordinate and lead government departments’ efforts in protecting such …

UK oversight body tipped to examine phone snooping tech in prisons

The secretive use of IMSI grabbers in the UK is set to receive oversight from the Interception of Communications Commissioner's Office (IOCCO). IOCCO is awaiting a formal request from the Prime Minister to provide oversight of the use of mobile phone eavesdropping devices in prisons, its head has confirmed to The Register. …

Brit spies and chums slurped 750k+ bits of info on you last year

More than 760,000 “items of communication” were obtained by British snoops – and others – in 2015, according to the Interception of Communications Commissioner’s Office’s (IOCCO) annual report. The report, which was published today and covers the annual year 2015, revealed for the first time an accurate scale of communications …

Typo made Air Asia X flight land at Melbourne instead of Malaysia

Finger trouble with onboard navigation systems led to an Air Asia flight making a two-hour internal hop in Australia before its scheduled journey to Malaysia. An investigation report by the Australian Transportation Safety Bureau (ATSB) into the March flight disclosed the cockup, which it said was down to the A330's captain “ …
Gareth Corfield, 07 Sep 2016

Universal Credit: 'One dole to rule 'em all' on verge of recovery – report

The disastrous £16bn one-dole-to-rule-them-all Universal Credit programme in the UK may be turning a corner, according to a report by think-tank the Institute for Government. The woes of the programme have been long-documented, with the National Audit Office three years ago revealing that the entire multi-billion programme had …
Kat Hall, 06 Sep 2016

ACCC mulls regulating roaming charges

The Australian Competition and Consumer Commission (ACCC) has sparked a Telstra-Optus love-in by looking into whether mobile roaming should be a regulated service. The regulator has announced a “declaration inquiry” into roaming. If the inquiry led to a declaration, it would mean domestic roaming charges (that is, when a user …

Australia's mobile black spot program was a partisan money hole

One in five new mobile phone towers built with Australian government money did more for telcos than for coverage-craving folk living in regional areas. That's the conclusion of the Australian National Audit Office (ANAO), which has assessed the government's Mobile Black Spot Program. Funded to the tune of AU$385 million ( …

L0phtCrack's back! Crack hack app whacks Windows 10 trash hashes

Ancient famed Windows cracker L0phtCrack has been updated after seven years, with the release of the "fully revamped" version seven. The password cracker was first released 19 years ago gaining much popularity in hacker circles and leading Microsoft to change the way it handled password security at the time. No new versions …
Darren Pauli, 01 Sep 2016

NHS slaps private firm Health IQ for moving Brits' data offshore

Health insurance and financial data management biz Health IQ is the latest outfit to have its wrists slapped by NHS Digital in the UK for failing to comply with data processing rules. A technical audit of Health IQ concluded the company had breached its Data Sharing Agreement with the NHS "by holding and processing data …
Kat Hall, 26 Aug 2016

Paper mountain, hidden Brexit: How'd you say immigration control would work?

At some point in the next few years we will be in a post-Brexit world, and the UK will have regained complete control of its borders. Or maybe not. At this juncture, it's worth taking a long hard look at how that might work. Spoiler: it won't. And that's because of two things, law and logistics. Those immediately affected by …
John Lettice, 22 Aug 2016

VeraCrypt security audit: Four PGP-encoded emails VANISH

Security researchers running a project to audit open source disk encryption tool VeraCrypt have been spooked by the mysterious disappearance or non-arrival of encrypted communications. The OSTIF (the Open Source Technology Improvement Fund) mounted an effort to get VeraCrypt independently audited at the start of August. …
John Leyden, 16 Aug 2016

HMRC: We've got £1.3bn for digital tax schemes. Tell us how to spend it

HMRC is casting around for ideas on how to splash £1.3bn in order to become the most "digitally advanced" tax administration in the world. Last year the body was awarded £1.3bn of digital investment over the next four years, which it said would yield £1bn in extra tax revenue after 2020 by ending "bureaucratic form-filling". …
Kat Hall, 15 Aug 2016

Adobe stops software licence audits in Americas, Europe

Adobe has stopped doing software licence audits in most parts of the world, according to Gartner research director Stephen White. White recently blogged about Adobe's decision, writing that “These programs were closed in the North America, Japan and Latin America markets as of November 2015. Closure of the EMEA program is …
Simon Sharwood, 12 Aug 2016

Raucous Ruckus router ruckus roundly rumbles: Infosec bod says Wi-Fi kit is weak, biz says no

Enterprise wireless hotspots from Ruckus can be trivially crashed and their login systems bypassed, Tripwire researchers warn. Ruckus confirmed there are flaws in its access points while playing down the seriousness of the bugs. Tripwire followed up a 2014 study into the insecurity of Ruckus routers with a new investigation …
John Leyden, 10 Aug 2016

Oracle to shutter License Services division – source

Oracle’s cloud sales drive may have claimed the giant’s Compliance and Optimisation License Services (COLS) unit. A source close to Oracle’s licensing operations has told The Reg COLS is in the process of being wound up as the company prioritises cloud sales for new hires. The software firm is less concerned about deals that …
Gavin Clarke, 10 Aug 2016

Your colleagues will lie to you: An enterprise architect's life

Enterprise Architects … well, among other things they design and build corporate infrastructures. It's very easy, though, for these highly technical masters of electronic wizardry to concentrate on making the technology work at the expense of the more tedious corporate governance stuff. Here are my favourite five things that …
Dave Cartwright, 10 Aug 2016

BBC detector vans are back to spy on your home Wi-Fi – if you can believe it

Updated The BBC's creepy detector vans will be dragged into the 21st century to sniff Brits' home Wi-Fi networks, claims the UK Daily Telegraph's Saturday splash. From September 1, you'll need a telly licence if you stream catch-up or on-demand TV from the BBC's iPlayer service, regardless if you've got a television set or not – phone …
Chris Williams, 06 Aug 2016

The bigger they get, the harder we fall: Thinking our way out of cloud crash

Cloud computing is wonderful, until it isn’t. A digital screw comes loose somewhere, and before you know it the whole engine has ground to a halt in a cascading cloud outage – or, as we like to call it, a cloutage. It has happened before, and Bryan Ford was very worried about it in 2012. Then a Yale Researcher, he published a …
Danny Bradbury, 29 Jul 2016

MPs reiterate risks of mega £10bn Aspire contract overhaul

UK MPs have warned that HMRC (HM Revenues and Customs) may struggle to overhaul its expensive £10bn IT systems with Capgemini, and that further cuts could ultimately waste more taxpayers' cash. The Public Accounts Committee (PAC) report published today said the body remains concerned that HMRC may struggle to integrate …
Kat Hall, 27 Jul 2016

Zero-day hole can pwn millions of LastPass users, all that's needed is a malicious site

Updated A dangerous zero-day vulnerability has been found in popular cloud password vault LastPass, which The Register has been told can completely compromise user accounts. Many millions of people can right now be compromised by merely visiting a malicious website using Firefox with LastPass's software installed, we understand. This …
Darren Pauli, 27 Jul 2016

Eurocrats to pore over Apache, KeePass code

The Apache HTTP server and KeePass password manager are to get a free code audit, courtesy of a pilot European Commission project. The EC-FOSSA (free and open source software auditing project) pilot was conceived by the European parliament in 2014, and given €1 million to work with. As well as code audits, it's got the …

Guess who gets hit hard by IR35 tax clampdown? Yep, IT contractors

IT contractors in Blighty could bear the brunt of UK government plans to clamp down on self-employed workers not paying the correct employment taxes - with HMRC targeting 20,000 public sector contractors. The taxman is currently consulting on whether to shift responsibility for compliance with the intermediaries legislation, …
Kat Hall, 22 Jul 2016

Really Scary Telecoms Stuff? Nah – telephony's just an app

In 2009, I moved to Jersey to become the network and telecoms manager for a multinational company. It was tremendous fun, as I had a variety of kit to play with. I tended to favour the Mitel 3300 ICP range (still do, actually) that supported about half of our offices, and I did the various engineer courses and exams for the …
Dave Cartwright, 20 Jul 2016

Top IT bod Sally Howes leaves the UK's National Audit Office

Sally Howes, the executive lead at the UK National Audit Office responsible for working with departments on their IT programmes, has stepped down after six years in the role. Howes joined the NAO in 2010 as a director, and was appointed executive leader with responsibility for digital and innovation in 2013. She also oversaw …
Kat Hall, 19 Jul 2016