Articles about Audit

OpenSSL audit kicks off for post-Heartbleed strengthening program

A major audit of the ubiquitous OpenSSL web security protocol is set to commence under a US$1.2 million industry commitment to harden open source technologies. OpenSSL is first off the rank under the Linux Foundation’s Core Infrastructure Initiative given its popularity and lack of in-depth security review. "OpenSSL has been …
Darren Pauli, 10 Mar 2015

Crack security team finishes TrueCrypt audit – and the results are in

The researchers behind the security audit of the TrueCrypt disk-encryption software have completed their work and say they have found no evidence of any deliberate backdoors or serious design flaws in its code. "Based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software," crypto boffin …
Neil McAllister, 02 Apr 2015

Premera healthcare: US govt security audit gave hacked biz thumbs up

Serious doubt has been cast on the US government's data security regulations after Premera Blue Cross was declared secure by Uncle Sam – just months before the healthcare giant was ransacked for financial and medical information by hackers. The biz underwent a computer security audit by a federal watchdog in January 2014, was …
Iain Thomson, 23 Mar 2015

EU flings €1m at open source security audit wheeze

EU institutions have finally got the memo about it being a good idea to pinpoint and fix security vulnerabilities. Next year the European Parliament has allocated up to €1m for a project to audit free software programs in use at the European Commission (EC) and the EU Parliament in order to find and repair potential weaknesses …
Jennifer Baker, 23 Dec 2014

TrueCrypt audit: Probe's nearly all the way in ... no backdoor hit yet

The first phase of the crowd-funded audit of TrueCrypt has turned up several vulnerabilities, but nothing particularly amiss and certainly nothing that looks like a backdoor. iSEC Partners, which was contracted to carry out the audit by the Open Crypto Audit Project (OCAP), found 11 vulnerabilities in the full disk and file …
John Leyden, 15 Apr 2014

Cries of spies as audit group finds possible 'backdoor' in Bittorrent Sync

Updated: BitTorrent responds. Popular file sharing platform BitTorrent Sync is 'probably' leaking hashes to its website and access to shared data, a group audit has found. The platform downloaded some 10 million times allowed users to synchronise data over networks using encrypted peer-to-peer at speeds said to be 16 times faster than Dropbox, using …
Darren Pauli, 18 Nov 2014

TrueCrypt audit project founder: 'We've set our sights high'

Interview: A TrueCrypt audit project has uncovered a well of technical support with its plans to publicly audit the widely used disk and file encryption utility for the first time. TrueCrypt is a widely used utility that encrypts and decrypts entire drives, partitions or files within a virtual disk. The tool can also hide volumes of data …
John Leyden, 18 Nov 2013

Crowdfunded audit of 'NSA-proof' encryption suite TrueCrypt is GO

A fundraising effort to pay for an independent, professional security audit of TrueCrypt, the popular disk encryption utility, has raised enough money to pay for an arguably long overdue audit of the security software. TrueCrypt is a widely used utility that encrypts and decrypts entire drives, partitions or files within a …
John Leyden, 06 Nov 2013

Fukushima nuke plant owner told to upgrade from Windows XP

The Tokyo Electric Power Company (TEPCO), operator of the stricken Fukushima Daiichi nuclear energy complex, has been told to migrate 48,000 internet-connected PCs off Windows XP sooner rather than later. TEPCO was recently probed by Japan's Board of Audit, an organisation that oversees the finances of Japan's government and …
Simon Sharwood, 23 Apr 2015

IBM tightens Passport Advantage licensing terms

IBM software customers should be on their guard following changes to the fine print of the giant’s Passport Advantage program. IBM reworded part of Passport Advantage late last year, The Reg has learned, putting more onus on the customer than ever before to keep clear and accurate records of their software use. The changes mean …
Gavin Clarke, 07 Apr 2015

Horrors of murky TrueCrypt to be probed once more

The gears of the TrueCrypt audit have whirred into life overnight with boffins poised to again probe the open source crypto tool after nearly a year of waiting. A tiny team will fondle the tool's random number generators, cipher suites and key algorithms in a bid to pull the internet's favourite crypto suite out of the pariah …
Darren Pauli, 20 Feb 2015

Microsoft and Oracle are 'not your trusted friends', public sector bods

Software providers such as Microsoft and Oracle are aggressively targeting public sector customers with licence "audit reviews" in a bid to plug falling subscription revenue, according to research. Over one-third of the 436 councils surveyed across the UK have been subject to at least one software licence review in the last 20 …
Kat Hall, 27 Mar 2015

US watchdog: Anthem snubbed our security audits before and after enormous hack attack

A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant's computer security – but was rebuffed. And, after miscreants looted Anthem's servers and accessed up to 88.8 million private records, the watchdog again offered to audit …
Shaun Nichols, 05 Mar 2015

National Audit Office tears government's savings claims in HALF

The National Audit Office has questioned the Cabinet Office's weighty ICT savings claims and revealed it still does not know how many small biz suppliers are winning public sector contracts. Minister Francis Maude's merry band claims it saved taxpayers £702m on tech and comms spending in fiscal 2012 ended March - £354m through …
Paul Kunert, 23 Jan 2013

Security audit finds dev OUTSOURCED his JOB to China to goof off at work

A security audit of a US critical infrastructure company last year revealed that its star developer had outsourced his own job to a Chinese subcontractor and was spending all his work time playing around on the internet. The firm's telecommunications supplier Verizon was called in after the company set up a basic VPN system with …
Iain Thomson, 16 Jan 2013

Lenovo CTO: Hey, look around – we're not the only ones with a crapware infection

On Friday Lenovo is going to tell the world about how it plans to regain the trust of its users in the wake of the Superfish clusterfuck – and may even launch an independent security audit of its products. "Our goal, in the end, is to make this right," Lenovo's CTO Peter Hortensius told The Register on Tuesday. "It's going to …
Iain Thomson, 25 Feb 2015

VMware's tool to harden virtual networks: a spreadsheet

VMware has released a guide to hardening its NSX virtual networking and product. The guide published online by VMware information security professional Pravin Goyal, covers management, control and data planes. It recommends including audit logs and system events in backups, enabling and securing remote logging for the NSX …
Darren Pauli, 14 Oct 2014

ICO's data protection tentacles will penetrate NHS bodies

NHS bodies in the UK can now be forced to open themselves up to data protection audits under new powers handed to the Information Commissioner's Office (ICO). The watchdog told Out-Law.com that its audits regime follows a "participative approach" and that therefore it would first ask health bodies if they would voluntarily …
OUT-LAW.COM, 03 Feb 2015

Child labour, lost wages uncloaked by Apple factories audit

Apple has for the first time released a complete list of its suppliers [PDF], publishing the names of 156 companies who make the parts for everything from Macbook screens to iPad covers. The list includes well-publicised contracts, such as Apple's mega deals with Samsung and LG, as well as more obscure deals with smaller …
Anna Leach, 16 Jan 2012

Soz SMEs, we're not interested in your direct biz

Small biz suppliers received no more love from government procurement departments last year, with direct spend dipping by 0.1 per cent compared with 2012/13 to £4.5bn. Over the last two years, direct spend rose by just 0.3 per cent, according to government figures. In 2010 the government set a target for 25 per cent of all its …
Kat Hall, 25 Feb 2015

Scouts take down database due to 'security vulnerabilities'

The Scouts Association has taken down its Compass database, which holds the records of nearly half-a-million young people and adult volunteers, after discovering a "potential security vulnerability," The Register can reveal. In a letter seen by El Reg and addressed to members this morning, the association said the decision was …
Kat Hall, 28 Jan 2015

Smile! Brit transport plods turn bodycams on travelling public

British Transport Police have agreed to test 250 Taser Axon body-worn cameras. The gizmos film alleged criminal activity witnessed by the cops, before uploading the footage to a data management system. Taser promised that the evidence gathered from the devices would be stored and managed securely on its platform. The BTP will …
Team Register, 29 Apr 2015

Ten years on, TEN PER CENT of retailers aren't obeying CAN-SPAM

One in 10 of the world’s largest online retailers are still violating the CAN-SPAM Act, a full 10 years after the US anti-spam legislation went into effect. The finding comes from an audit by the Online Trust Alliance (OTA), a non-profit with the mission to enhance online trust. They also found that 70 per cent of 200 online …
John Leyden, 18 Sep 2014

Universal Credit CRISIS: Up to £200m in IT spend WASTED – NAO

Around £219m in IT investments in the much-maligned Universal Credit programme may be written off, a National Audit Office report has revealed today. To date, £344m in IT investment has been sunk into the programme, but just £125m of those assets are currently in use. The NAO revealed the department has written off a further £ …
Kat Hall, 26 Nov 2014

Are you an infosec bod? You must be STINKING RICH, says study

Jobs in the lucrative cyber-security sector can command salaries of $200,000 or more, according to a new salary survey. Lead software security engineers pull in an average of $233,333 while Chief Security Officers ($225,000) and Global Information Security Directors ($200,000) also receive serious salaries. A new study of 2015 …
John Leyden, 12 May 2015

Confidential information exposed over 300 times in ICANN security snafu

Two months after claiming there was "no indication" that confidential information was exposed in a security cock-up, domain name overseer ICANN has admitted it happened on at least 330 occasions. Following an audit of its main customer portal, the organization confirmed what we reported at the start of March: that misconfigured …
Kieren McCarthy, 30 Apr 2015

China hacked US Army transport orgs TWENTY TIMES in ONE YEAR

Sophisticated Beijing-backed hackers raided civilian organisations responsible for the movements of US troops and equipment 20 times in one year of which only two were detected by the responsible agency, an audit report has found. Contractors underneath the US Transportation Command (TRANSCOM) agency were hacked a total of 50 …
Darren Pauli, 18 Sep 2014

Facebook spurns privacy probe as 'routine audit'

Facebook's international headquarters are in Dublin, Ireland, where the company just so happens to face a regulatory probe into the handling of personal data on the social network. According to the RTE, the Irish data protection commissioner will carry out a privacy audit of the site in November. That's potentially a big deal, …
Kelly Fiveash, 30 Sep 2011

WHOOPSIE! Vast US health insurer CareFirst plundered of 1.1 MEELLION records

More than 1.1 million user records have been compromised following a hack against US health insurer CareFirst BlueCross BlueShield. Data including members’ names, birth dates, email addresses and subscriber identification numbers may have been stolen by hackers as a result of a security breach last July. The hack was only …
John Leyden, 21 May 2015

Ireland's data cops: Yes, we probed LinkedIn. Don't ask what we found

Ireland’s data protection authorities will not publish the results of an audit they carried out on digital CV site LinkedIn. Ciara O'Sullivan, spokeswoman for the Irish Data Protection Commissioner, said that the watchdog “owes a duty of confidentiality to organisations it investigates”. She added that it was up to the …
Jennifer Baker, 05 Nov 2014

OpenSSL preps fix for mystery high severity hole

The OpenSSL Project will repair a "high severity" security hole in updates due Thursday. Information is thin on the ground. El Reg has asked OpenSSL for more details to help admins prepare for the patching. The hole will be patched as part of a series of fixes that will land on 19 March and apply to versions 1.0.2a, 1.0.1m, 1.0 …
Darren Pauli, 17 Mar 2015

ALL comp-sci courses will have compulsory infosec lessons – UK.gov

Cyber-security will appear on the UK curriculum from next year in a bid to get more kids into the industry, the government has announced. The topic will be a key part of UK computing and digital further education qualifications from September 2016, Cabinet Office minister Francis Maude said today. Its inclusion is part of a …
Kat Hall, 10 Mar 2015

IBM throws Twitter's firehose into the Bluemix

IBM has revealed one of the first things it plans to do with Twitter's firehose of data: let you point it at its cloudy Bluemix analytics service to find stuff out. Big Blue reckons its role is to help customers “apply social data to business decisions”. One scenario it advances for this kind of thing is analysis of Tweets from …
Simon Sharwood, 18 Mar 2015

IEEE's prescription for med-tech crowd: preventing hacks is better than a cure

Medical devices shouldn't be hackable, so the IEEE has published the first steps towards laying down decent security practice for the sector. From the late Barnaby Jack's work on insulin pumps through to this month's "hackable infusion pump", this decade has seen growing interest in medical device vulns. Working with the IEEE's …

ISO floats storage security standard

The International Standards Organisation reckons the world needs help securing its data, so has published a new storage security standard to cover it. Because The Register isn't about to shell out 198 Swiss Francs to read the whole thing, we're constrained in our ability to tell you exactly what it contains, but we note that the …

Wales Audit Office boss sacked amidst laptop smut claims

Jeremy Colman, Auditor General for Wales, has resigned from his £170,000 a year post after porn material was allegedly found on his laptop. In fact, the post is in the gift of the Queen, so his resignation has been forwarded on to her. The National Assembly is now looking for an interim successor. His laptop was seized, The …
John Oates, 04 Feb 2010

EU parliament pushes for Dodd-Frank style conflict mineral laws

European electronics manufacturers will have to double check where the minerals in their products come from in future, according to a draft EU law approved by MEPs on Wednesday. The law, adopted by 402 votes to 118, is part of an effort to clamp down on so-called conflict minerals, so that European companies and consumers do not …
Jennifer Baker, 20 May 2015

Acer writes off $150m as audit finds 'abnormalities'

Acer CEO and Chairman JT Wang has relinquished his remuneration package including bonuses from 2010 after the firm unearthed "abnormalities" in channel inventory across EMEA that will cost it US $150m (£91m) to write off. The Taiwanese giant will also cut board directors' pay packages by 50 per cent, ask staff to take a 40 per …
Paul Kunert, 01 Jun 2011

No one trusts Oracle, shrieks CCL as cloudy ball misses its goals

Oracle’s cloud growth hinges on overcoming “deep-rooted mistrust” of its core customer base. That’s according to software-licensing pressure group, the Campaign for Clear Licensing. “If Oracle does not address these concerns then the company’s ability to meet its stated $1bn cloud sales target next year, together with the …
Gavin Clarke, 06 Jan 2015

Barracuda CEO snaps up post on Nimble board

Barracuda’s CEO, “BJ” Jenkins, has joined hybrid disk array leader Nimble Storage’s board. Doesn’t the day job fill his time? He’s also Barracuda’s president, as if he’s not busy enough. A canned quote from him on his move said: "It's an exciting time to be in the storage business as innovation thrives and new industry leaders …
Chris Mellor, 13 Mar 2015

What do China, FBI and UK have in common? All three want backdoors in Western technology

The Chinese government wants backdoors added to all technology imported into the Middle Kingdom as well as all its source code handed over. Suppliers of hardware and software must also submit to invasive audits, the New York Times reports. The new requirements, detailed in a 22-page document approved late last year, are …
John Leyden, 29 Jan 2015

Oracle users open can of whup-ass on licensing policies

Businesses view relations with Oracle as “hostile” and are “filled with deep-rooted mistrust”, according to a six month end-user survey on software compliance conducted by the Campaign for Clear Licensing (CCL). The not-for-profit organ probed (PDF) 100 hard-pressed IT and software asset managers, licensing specialists and tech …
Paul Kunert, 03 Nov 2014

Microsoft & Paypal link hands, turn round and slap Apple Pay

Microsoft will start supporting PayPal’s "PayPal Here" hardware, so people can buy things with their mobile phones. The partnership, which is only for the US initially, will allow retailers to use a Lumia or Surface to take payments through PayPal. The idea is that they will then want to use Microsoft products rather than …
Simon Rockman, 16 Jan 2015

More suppliers join flagging GOV.UK Verify ID assurance scheme

In an attempt to inject some life into its ailing GOV.UK Verify identity assurance scheme, the government has today broadened the range of suppliers on the programme's framework. The scheme is intended to act as an identity assurance "marketplace", allowing users to choose from a range of identity providers to authenticate …
Kat Hall, 25 Mar 2015

Universal Credit could take 10 YEARS to finish, says Labour MP

The government's disastrous £700m Universal Credit programme could take up to 10 years to complete, Labour MP Stephen Timms informed El Reg on Thursday. "I've been reliably told by someone formerly working on the programme that it will take ten years to complete. Based on the evidence, I have no reason not to believe that time- …
Kat Hall, 13 Mar 2015

SCC bags universal credit hosting contract

Reseller and IT services outfit SCC has won a two-year hosting deal for the Department for Work and Pensions' (DWP) troubled universal credit programme for a sum worth "over six figures". The deal was awarded through the G-Cloud and is part of the DWP's next "digital service" phase of the programme, which is currently being …
Kat Hall, 27 Feb 2015

Light-fingered Satyam founder Ramalinga Raju jailed for seven years

The former chairman of Indian outsourcing firm Satyam Computer Services has been jailed for seven years for his part in a $1.4bn (£953m) accountancy fraud scandal. The Special Central Bureau of Investigations Court in Hyderabad sentenced B. Ramalinga Raju and eight others - including auditors Subramani Gopalakrishnan and Talluri …
Kat Hall, 10 Apr 2015

Court recording biz with clients EVERYWHERE has forums breached

Australian court transcription company "For The Record" – which bills itself as "The No.1 digital evidence recording platform in the world" and says its products are "used in courtrooms throughout North America, Europe and Asia" – has had its forum hacked. The firm is used by the likes of the Victorian and NSW Supreme courts to …
Darren Pauli, 27 Mar 2015

Gov departments still splashing BILLIONS on big-ticket IT projects

Big Whitehall departments got the green light to splash more than a billion pounds on IT projects last year, data analysis by The Register can reveal. A total of £1.4bn was handed out to the six largest government departments according to their spend exemption data, which is made available as part of the government's commitment …
Kat Hall, 10 Mar 2015

EU governments are CRAP at cloud, moans Brussels' infosec watchdog

European governments haven’t got a clue how to implement cloud services. So say the EU's own cybersecurity experts. ENISA (the European Network and Information Security Agency) has released a report on the adoption of something it calls “Gov Cloud”, defined as “a deployment model to build and deliver services to state agencies ( …
Jennifer Baker, 28 Feb 2015