Articles about Audit


Dovecot mailserver graded 'nearly impenetrable'

POP and IMAP mailserver suite Dovecot has passed an extensive audit by hackers, who were able to find only three minor vulnerabilities. Dovecot is especially popular with service providers, so the news that four Cure53 researchers have given it a "thoroughly all-encompassing" audit and found the software to have "excellent …
Darren Pauli, 17 Jan 2017

DataGravity moves away from arrays to become a virtualised data guardian

Analysis Startup DataGravity laid off staff in February last year and subsequently pivoted away from building and selling its Discovery Series array line to building a shipping virtual appliance using its Discovery Series array software as a basis. DataGravity for Virtualisation (DGfV) runs as a virtual machine and operates in vSphere …
Chris Mellor, 16 Jan 2017

Calls for UK.gov's tax digitisation plans to be put on the back burner

The UK government's tax digitisation plan could be delayed by at least a year after the Treasury Committee exposed "serious shortcomings" with the programme. In 2015 Her Majesty's Revenue & Customs (HMRC) was awarded £1.3bn of digital investment over four years, which it said would yield £1bn in extra tax revenue after 2020 by …
Kat Hall, 16 Jan 2017

Thanks, Obama: NSA to stream raw intelligence into FBI, DEA and pals

A last-minute rule change signed off by the outgoing Obama administration has made it much easier for the NSA to share raw surveillance data with more than a dozen government agencies. The changes [PDF] are tacked onto executive order 12333, which was enacted by then-President Ronald Reagan to allow intelligence agencies to …
Iain Thomson, 12 Jan 2017

IBM: Hm, medical record security... security... Got it – we need blockchains

IBM says it will partner with the US Food and Drug Administration (FDA) on a study of whether blockchain technology could be used to securely transfer medical information. Big Blue says that its Watson Health unit will work with the FDA on a study aimed at pitching a framework for the use of blockchain technologies to make the …
Shaun Nichols, 12 Jan 2017

Google Cloud unlocks key achievement

Google on Wednesday introduced its Cloud Key Management Service in beta to help Google Cloud Platform customers deal with their encryption keys. "Cloud KMS offers a cloud-based root of trust that you can monitor and audit," said product manager Maya Kaczorowski in a blog post. "As an alternative to custom-built or ad-hoc key …
Thomas Claburn, 12 Jan 2017

How do file store-and-share firms avoid that sinking syncing feeling?

Interview With the demise of Bitcasa, EMC selling off Syncplicity, and so forth, the enterprise file sync and share market might appear moribund. What’s happened is a trend of consolidation plus an addition of functionality for other content functions. EFSS on its own is no longer viable. That’s the underlying message we received from …
Chris Mellor, 11 Jan 2017

Google gives up YOUR private data to US govt – but won't hand over its OWN staff personal info

The US Department of Labor is suing Google for details of its staff's wages – though the Chocolate Factory claims it's bending over backwards to comply with the bureaucrats' demands. This is the same advertising giant that loves keeping tabs on hundreds of millions of netizens, and coughs up people's private information to …
Iain Thomson, 05 Jan 2017

Capita is STILL the BIGGEST tech services supplier to UK.gov

Despite all the mini fires burning at beleaguered Capita, the much maligned outsourcing giant remained the UK's biggest public sector tech services supplier in 2016 as revenues swelled to £1.9bn. An annual report by analyst TechMarketView found the firm that everyone loves to hate increased top line sales 5 per cent year-on- …
Kat Hall, 22 Dec 2016

Wassenaar weapons pact talks collapse leaving software exploit exports in limbo

Security researchers face continued uncertainty after talks broke down between US negotiators and 40 other countries over the state of exploit exports. The negotiations concern the Wassenaar Arrangement, an arms-control pact in which members agree to limit the export of certain types of weaponry and "dual-use products." …
Iain Thomson, 21 Dec 2016

HMRC IT cockup misses nearly 1m Scottish taxpayers for devo PAYE letters

Plans to raise income tax paid by Scottish earners have got off to a rocky start, after a database scan failed to identify 420,000 people who should be paying tax. The UK's National Audit Office found that a selection error meant that HMRC overlooked nearly one million residents in Scotland whose addresses were not already …
Kat Hall, 20 Dec 2016

Oracle finally targets Java non-payers – six years after plucking Sun

Oracle is massively ramping up audits of Java customers it claims are in breach of its licences – six years after it bought Sun Microsystems. A growing number of Oracle customers and partners have been approached by Larry Ellison’s firm, which claims they are out of compliance on Java. Oracle bought Java with Sun Microsystems …
Gavin Clarke, 16 Dec 2016

Dear hackers, Ubuntu's app crash reporter will happily execute your evil code on a victim's box

Users and administrators of Ubuntu Linux desktops are being advised to patch their systems following the disclosure of serious security flaws. Researcher Donncha O'Cearbhaill, who discovered and privately reported the vulnerabilities to the Ubuntu team, said that a successful exploit of the bugs could allow an attacker to …
Shaun Nichols, 15 Dec 2016

Security! experts! slam! Yahoo! management! for! using! old! crypto!

Analysis Fallen web giant Yahoo! has been branded negligent for failing to tackle the prodigious challenge of upgrading its MD5 password hashing before some one billion accounts were stolen. The security-battered organisation revealed today that attackers had stolen more than a billion accounts in August 2013 in history's biggest …
Darren Pauli, 15 Dec 2016

Well, well. Auditors say UK govt procurement body hasn't saved your tax cash

The UK government's procurement arm, the Crown Commercial Service, has failed to save taxpayers' cash – according to the National Audit Office. CCS is responsible for funnelling billions of pounds of IT spend through large framework contracts, a practice which tends to favour larger suppliers. It was responsible for £12.8bn in …
Kat Hall, 13 Dec 2016

Shared services centres flop: Only one UK.gov department uses them

The government's plan to move all of Whitehall's back office IT into shared services centres has been such a flop, all but one department has pulled out of the scheme, according to the National Audit Office. The shared services centres, run separately by IT provider Arvato and French outsourcer Sopra Steria, were set up in …
Kat Hall, 08 Dec 2016

Stealing, scamming, bluffing: El Reg rides along with pen-testing 'red team hackers'

Feature "Go to this McDonald's," Chris Gatford told me. "There's a 'Create Your Taste' burger-builder PC there and you should be able to access the OS. Find that machine, open the command prompt and pretend to do something important. "I'll be watching you." Gatford instructed your reporter to visit the burger barn because he …
Darren Pauli, 08 Dec 2016

Santa says you've been nice kids: OpenVPN to get security audit

Johns Hopkins University crypto professor Dr Matthew Green is to lead a security audit of OpenVPN 2.4. The open source VPN project, published at GitHub, has been compiled for everything from Solaris to Windows, passing various Linux and BSD distributions along the way (including OSX); Windows and Android (and jailbroken iOSs …

Printer security is so bad HP Inc will sell you services to fix it

Printer security is so awful HP Inc is willing to shut off shiny features and throw its own dedicated bodies at the perennial problem. The tech giant is offering the professional security services under its new and far-harder-than-before "Secure Managed Print Services" offering unveiled today. Security types will also provide …
Team Register, 06 Dec 2016

AWS hops aboard Internet of Things bandwagon

Amazon has jumped aboard the Internet of Things bandwagon, offering to certify its APN Partners as "Amazon IoT Competency Partners", it announced at its AWS re:Invent conference. "To become an AWS IoT Competency Partner, you must meet a number of requirements, such as providing use case-specific public customer references, and …
Gareth Corfield, 30 Nov 2016

Sharing's caring? Not when you spread data across gov willy-nilly

Digital Economy Bill Privacy campaigners and academics have called for the removal of personal data sharing proposals in the forthcoming Digital Economy Bill. The Bill puts government ministers in control of citizens' personal data, "a significant change in the relationship between citizen and state," wrote 26 signatories in a letter to The …
Kat Hall, 25 Nov 2016

Mozilla hackers audit cURL file transfer toolkit, give it a tick for security

Mozilla has given the widely-used cURL file transfer library a thumbs up in a security audit report that uncovered nine vulnerabilities. Of those found in the free security review were four high severity vulnerabilities leading to potential remote code execution, and the same number of medium risk bugs. One low risk man-in-the …
Darren Pauli, 25 Nov 2016

CompSci Prof raises ballot hacking fears over strange pro-Trump voting patterns

Donald Trump's surprise win in the United States' presidential election could conceivably be attributed to illegal hacking and needs to be investigated, according to a security expert. A statistical analysis by J Alex Halderman, professor of computer science at the University of Michigan's Center for Computer Security and …
Iain Thomson, 24 Nov 2016

Google DeepMind inks 5-year agreement with NHS for 'Streams' app

DeepMind Health, the healthcare arm of the artificial intelligence business owned by Google, has signed a deal with the Royal Free London NHS Foundation Trust to provide an app called Streams. The deal, which establishes a five-year partnership between the organisations, builds on DeepMind Health's pilot project with the Trust …

Emergency services 4G by 2020? And monkeys could fly out of my butt

Users of the UK government's plans to shove the emergency services on to a 4G network by March 2020 are sceptical about the programme's timetable. Perhaps somewhat unsurprisingly, since a scheme of this scale has never before been tried anywhere else in the world. The Emergency Services Network (ESN) – set to replace the Tetra …
Kat Hall, 17 Nov 2016

Dropbox upgrade adds nice bits for sysadmins

Sysadmins need a "nice" user experience, and Daniel Iversen, head of solution architects for Dropbox Asia Pacific, told The Register that was in mind when the company pushed out a bunch of new admin capabilities. In other words: this is “not about a feature race”, he said, rather a more deliberate – and staged – upgrade …

'Trust it': Results of Signal's first formal crypto analysis are in

Encrypted SMS and voice app Signal has passed a security audit with flying colours. As explained in a paper titled A Formal Security Analysis of the Signal Messaging Protocol [PDF], published by the International Association for Cryptologic Research, Signal has no discernible flaws and offers a well-designed and compromise- …
Darren Pauli, 08 Nov 2016

Capita STILL hasn't delivered usable Army recruitment IT system

Infamous IT bungler Capita still hasn't delivered usable ICT systems for British Army recruitment, despite signing the contract to do so five years ago, it emerged in Parliament on Tuesday. Crapita Capita has a contract with the Ministry of Defence, the Recruitment Partnering Project, which was signed for £1.3bn in 2012 to …
Gareth Corfield, 02 Nov 2016

Apcera pitches escape from IT hamster wheel

Apcera, a San Francisco-based maker of container management software, on Tuesday plans to update the Apcera Platform with capabilities to help enterprises deal with containers more effectively. Apcera's software allows companies to deploy and manage cloud-native and legacy applications using on-premises, hybrid, or cloud …
Thomas Claburn, 01 Nov 2016

Government Digital Service under review after rural payments cockup

Whitehall's spending watchdog is to review the achievements of the Government Digital Service in light of the Rural Payments Agency's IT disaster. In an update note on the Rural Payments Agency's Common Agricultural Policy IT system on Monday, the National Audit Office said it will shortly be undertaking a review of GDS's …
Kat Hall, 24 Oct 2016

Three million debit cards at risk after hackers raid Indian payment systems

A suspected security breach has led banks in India to warn 3.25 million customers to replace their debit cards or change the PINs. National Payments Corporation of India (NPCI), the umbrella organization for the nation's retail IT systems, said customers at 19 banks were affected. We're told 641 people have been defrauded – …
Iain Thomson, 20 Oct 2016

Buck up, UK.gov. You need to get a grip on failing shared services centres - PAC

MPs have urged the Cabinet Office to get a grip on its embarrassing efforts to consolidate departments' back offices into two privately owned shared services centres. Moves to shift departments' back office servers and ERP systems were announced to much fanfare four years ago - but have yet to save the government any cash …
Kat Hall, 19 Oct 2016

You work so hard on coding improvements... and it's all undone by a buggy component

Nearly all (97 per cent) of Java applications contain at least one component with a known vulnerability, according to a new study by app security firm Veracode. Veracode reports year-over-year improvements in the code organisations write, a positive finding somewhat undone by the increasing proliferation of risk from open …
John Leyden, 18 Oct 2016

Audit sees VeraCrypt kill critical password recovery, cipher flaws

Security researchers have found eight critical, three medium, and 15 low-severity vulnerabilities in a one month audit of popular encryption platform VeraCrypt. The audit is the latest in a series prompted by the shock abandoning of TrueCrypt in May 2014 due to unspecified security concerns claimed by the hitherto trusted …
Darren Pauli, 18 Oct 2016

The IRS spaffed $12m on Office 365 subscription IT NEVER USED

A report on spending from the office of the US Treasury Inspector General for Tax Administration (TIGTA) claims that between June 2015 and June 2016, the tax collectors paid $12m for subscriptions on Microsoft Office 365 and Exchange Online that were never used. The TIGTA report [PDF] found that in 2014, the IRS kicked off a …
Shaun Nichols, 14 Oct 2016

You've been hacked. What are you liable for?

Hacking is big news and we’re all susceptible. In the UK, hackers could face jail time under the Computer Misuse Act, but the question on many businesses’ minds will be where the liability lies if they are hacked. The list of successful mega breaches continues to grow; extra-marital affairs site Ashley Madison hit the …
Frank Jennings, 14 Oct 2016

S&M Cloud's IBM hookup

Spanish cloud provider S&M Cloud has integrated SME's Private Enterprise File Share and Sync Fabric with IBM's SoftLayer cloud object storage. S&M Cloud is one of IBM's SoftLayer partners in Spain. SME is UK-based Storage Made Easy. They claim the joint SoftLayer + SME offering means customers can manage corporate …
Chris Mellor, 13 Oct 2016

Understand your data and make good decisions

Promo Data, data everywhere and not an insight in sight. Tableau, the business intelligence and analytics software firm, is on a mission to help you see and understand your data and enable you to make informed, fast decisions. Tableau uses its own software every day throughout the business and wants to show you how it does this in " …
David Gordon, 11 Oct 2016

Heads roll as Qihoo 360 moves to end WoSign, StartCom certificate row

After being pinged by Mozilla for issuing backdated SHA-1 certificates, Chinese certificate authority WoSign's owner has put the cleaners through the management of WoSign and StartCom. Mozilla put WoSign and StartCom on notice at the end of September. As part of its response, the company has posted around 200,000 certificates …

Secure cloud doesn’t always mean your stuff in it is secure too

IPExpo “Picking a secure cloud partner is not as trivial as it may seem. Don't assume that because the cloud is secure, your business within the cloud is secure,” Unisys’ chief trust officer Tom Patterson said today. Alongside Patterson and giving a joint keynote speech about lowering costs and risks in the cloud this morning was AWS …
Gareth Corfield, 06 Oct 2016

Citizens don't trust UK.GOV with their data

UK citizens have little faith in the government's ability to securely handle their private data - according to a wide-ranging survey which echoes findings by the National Audit Office. Just 22 per cent believed that the government has appropriate means to stop cyber-attacks and identity breaches, according to 1,500 citizens …
Kat Hall, 06 Oct 2016

How does a hybrid infrastructure fit my accreditations?

Security-related certifications such as ISO 27001 and, more particularly, the Payment Card Industry Data Security Standard (PCI-DSS), have stringent requirements regarding the controls on infrastructure, how data is routed and stored around it, and so on. Particularly in the cloud components of a hybrid setup, the control you …
Dave Cartwright, 06 Oct 2016

CloudFlare shows Tor users the way out of CAPTCHA hell

CloudFlare has backed up its promise to get rid of the CAPTCHAs that Tor users complain discriminate against them. The content distribution network's (CDN's) hated CAPTCHAs make browsing an unhappy experience for Tor users by offering rather too many challenges. Worse yet, they drop a cookie on validated users' browsers and …

Australia's e-Senate vote count: a good start but needs improvement

An international group of security, encryption, and electoral academics believe Australia's Senate voting software needs an audit. The group, including researchers from MIT, UC Berkeley, and the University of Melbourne, took a look (PDF) at the Australian Electoral Commission's (AEC's) implementation of electronic counting for …

Avoid the dreaded auditor's smirk: Smart policies and procedures for the hybrid cloud

When you get to a certain age, and you've been in the IT industry for enough years, you start to get an idea of what auditors are looking for when they descend on you and ask you pointed questions about your systems. And I don't just mean security auditors: if your company has an annual financial audit the team which comes to …
Dave Cartwright, 04 Oct 2016

Dirty diesel backups will make Hinkley Point C look like a bargain

Britain signed off on the most costly energy deal it has ever made this week – but the price we agreed for energy from Hinkley is still lower than the peak prices that will hit British wallets even harder, and sooner. Current commitments to renewable generation will cost each household £466 by 2020/21, the centre-right think …
Andrew Orlowski, 30 Sep 2016

VESK coughs up £18k in ransomware attack

Exclusive Hosted desktop and cloud provider VESK is staggering back to its feet after paying 29 Bitcoins (£18,600) in a ransomware attack earlier this week. VESK became aware that one of its environments had been impacted by a ransomware virus on Monday (26 September) at 3am. This virus was a new strain of the Samas DR ransomware, …
Kat Hall, 29 Sep 2016

Internet of Things security? Start with who owns the data

“Defence is only as strong as the weakest link,” said Tim Phipps of Solarflare at today’s Cambridge Wireless event on security within the Internet of Things. Today's Cambridge Wireless event was part of its Special Interest Group focusing on security and defence. In particular, on securing and defending the Internet of Things …
Gareth Corfield, 28 Sep 2016

UK.gov is doing sod all to break £20bn of locked-in IT contracts

Analysis If IT wasn't perceived to be such a boring topic by Joe Public, the amount the government still spends on expensive clunky technology would be viewed as a national scandal. Across the entire public sector the annual figure has been pegged at around £20bn. No one knows for sure. As long as Whitehall's money is locked into …
Kat Hall, 28 Sep 2016

Sysadmin gets 5 years for slurping contractor payments to employer

A 49-year-old IT bloke from Essex has been sentenced to five years' imprisonment on two counts of fraud after his cunning plan to steal £450,000 from his employer was uncovered... almost immediately. Adeshola Dada, of Watts Crescent, Purfleet, Essex, was employed in the IT department of Genesis Housing Association, where he …