Articles about Audit

TrueCrypt audit: Probe's nearly all the way in ... no backdoor hit yet

The first phase of a crowd-funded audit of TrueCrypt has turned up several vulnerabilities, but nothing particularly amiss and certainly nothing that looks like a backdoor. iSEC Partners, which was contracted to carry out the audit by the Open Crypto Audit Project (OCAP), found 11 vulnerabilities in the full disk and file …
John Leyden, 15 Apr 2014

Cries of spies as audit group finds possible 'backdoor' in Bittorrent Sync

Popular file sharing platform BitTorrent Sync is 'probably' leaking hashes to its website and access to shared data, a group audit has found. The platform downloaded some 10 million times allowed users to synchronise data over networks using encrypted peer-to-peer at speeds said to be 16 times faster than Dropbox, using …
Darren Pauli, 18 Nov 2014

TrueCrypt audit project founder: 'We've set our sights high'

A TrueCrypt audit project has uncovered a well of technical support with its plans to publicly audit the widely used disk and file encryption utility for the first time. TrueCrypt is a widely used utility that encrypts and decrypts entire drives, partitions or files within a virtual disk. The tool can also hide volumes of data …
John Leyden, 18 Nov 2013

Crowdfunded audit of 'NSA-proof' encryption suite TrueCrypt is GO

A fundraising effort to pay for an independent, professional security audit of TrueCrypt, the popular disk encryption utility, has raised enough money to pay for an arguably long overdue audit of the security software. TrueCrypt is a widely used utility that encrypts and decrypts entire drives, partitions or files within a …
John Leyden, 06 Nov 2013

National Audit Office tears government's savings claims in HALF

The National Audit Office has questioned the Cabinet Office's weighty ICT savings claims and revealed it still does not know how many small biz suppliers are winning public sector contracts. Minister Francis Maude's merry band claims it saved taxpayers £702m on tech and comms spending in fiscal 2012 ended March - £354m through …
Paul Kunert, 23 Jan 2013

VMware's tool to harden virtual networks: a spreadsheet

VMware has released a guide to hardening its NSX virtual networking and product. The guide published online by VMware information security professional Pravin Goyal, covers management, control and data planes. It recommends including audit logs and system events in backups, enabling and securing remote logging for the NSX …
Darren Pauli, 14 Oct 2014

Security audit finds dev OUTSOURCED his JOB to China to goof off at work

A security audit of a US critical infrastructure company last year revealed that its star developer had outsourced his own job to a Chinese subcontractor and was spending all his work time playing around on the internet. The firm's telecommunications supplier Verizon was called in after the company set up a basic VPN system with …
Iain Thomson, 16 Jan 2013

Ten years on, TEN PER CENT of retailers aren't obeying CAN-SPAM

One in 10 of the world’s largest online retailers are still violating the CAN-SPAM Act, a full 10 years after the US anti-spam legislation went into effect. The finding comes from an audit by the Online Trust Alliance (OTA), a non-profit with the mission to enhance online trust. They also found that 70 per cent of 200 online …
John Leyden, 18 Sep 2014

Universal Credit CRISIS: Up to £200m in IT spend WASTED – NAO

Around £219m in IT investments in the much-maligned Universal Credit programme may be written off, a National Audit Office report has revealed today. To date, £344m in IT investment has been sunk into the programme, but just £125m of those assets are currently in use. The NAO revealed the department has written off a further £ …
Kat Hall, 26 Nov 2014

China hacked US Army transport orgs TWENTY TIMES in ONE YEAR

Sophisticated Beijing-backed hackers raided civilian organisations responsible for the movements of US troops and equipment 20 times in one year of which only two were detected by the responsible agency, an audit report has found. Contractors underneath the US Transportation Command (TRANSCOM) agency were hacked a total of 50 …
Darren Pauli, 18 Sep 2014

Child labour, lost wages uncloaked by Apple factories audit

Apple has for the first time released a complete list of its suppliers [PDF], publishing the names of 156 companies who make the parts for everything from Macbook screens to iPad covers. The list includes well-publicised contracts, such as Apple's mega deals with Samsung and LG, as well as more obscure deals with smaller …
Anna Leach, 16 Jan 2012

Ireland's data cops: Yes, we probed LinkedIn. Don't ask what we found

Ireland’s data protection authorities will not publish the results of an audit they carried out on digital CV site LinkedIn. Ciara O'Sullivan, spokeswoman for the Irish Data Protection Commissioner, said that the watchdog “owes a duty of confidentiality to organisations it investigates”. She added that it was up to the …
Jennifer Baker, 05 Nov 2014

Oracle users open can of whup-ass on licensing policies

Businesses view relations with Oracle as “hostile” and are “filled with deep-rooted mistrust”, according to a six month end-user survey on software compliance conducted by the Campaign for Clear Licensing (CCL). The not-for-profit organ probed (PDF) 100 hard-pressed IT and software asset managers, licensing specialists and tech …
Paul Kunert, 03 Nov 2014

Facebook spurns privacy probe as 'routine audit'

Facebook's international headquarters are in Dublin, Ireland, where the company just so happens to face a regulatory probe into the handling of personal data on the social network. According to the RTE, the Irish data protection commissioner will carry out a privacy audit of the site in November. That's potentially a big deal, …
Kelly Fiveash, 30 Sep 2011

Acer writes off $150m as audit finds 'abnormalities'

Acer CEO and Chairman JT Wang has relinquished his remuneration package including bonuses from 2010 after the firm unearthed "abnormalities" in channel inventory across EMEA that will cost it US $150m (£91m) to write off. The Taiwanese giant will also cut board directors' pay packages by 50 per cent, ask staff to take a 40 per …
Paul Kunert, 01 Jun 2011

Google's elves work on Santa to rein(deer) in grinchware

Google's elves have been busy working on a toy for all the girls and boys who run Mac OS and worry about getting a virus. “Santa” is billed as “a binary whitelisting/blacklisting system for Mac OS X”, can be found on GitHub and “keeps track of binaries that are naughty and nice.” Nice binaries get to run. Naughty binaries get a …
Simon Sharwood, 25 Nov 2014

Labour vows: We'll pause one-dole-to-rule-them-all for drastic fix-up if elected in 2015

The Labour Party has promised to put the brakes on the deeply troubled Universal Credit system for three months if it gets into government next year. During that time, shadow work and pensions minister Rachel Reeves said that Labour would urge the National Audit Office to conduct a review of the lumpen welfare reform programme. …
Kelly Fiveash, 24 Jun 2014

Wales Audit Office boss sacked amidst laptop smut claims

Jeremy Colman, Auditor General for Wales has resigned from his £170,000 a year post after porn material was allegedly found on his laptop. In fact, the post is in the gift of the Queen, so his resignation has been forwarded on to her. The National Assembly is now looking for an interim successor. His laptop was seized, The …
John Oates, 04 Feb 2010

TrueCrypt hooked to life support in Switzerland: 'It must not die' say pair

Two programmers hope to resurrect development of disk-encryption tool TrueCrypt after its original developers quit the project. The official TrueCrypt.org website abruptly shut up shop last week ostensibly because its secretive maintainers felt they could no longer keep the software secure. They blamed the Microsoft's …
John Leyden, 04 Jun 2014

US Social Security 'wasted $300 million on an IT BOONDOGGLE'

Members of the US Congress are demanding answers from the Social Security Administration (SSA) over an ongoing IT project that has racked up a $288m bill without deploying a field-ready product. A trio of representatives from the House Oversight Committee said in a letter to the SSA that they had "serious problems" with the way …
Shaun Nichols, 24 Jul 2014

SHOCK HORROR: Oz's biggest govt agencies to miss infosec deadline

Australia's largest government agencies will miss a July deadline to implement even basic information security controls. The Australian National Audit Office's (ANAO's) annual report says that the country's biggest government agencies won't deploy Defence-issued controls to implement fast patching and organisation-wide …
Darren Pauli, 25 Jun 2014

Flaming heck! Watchdog scolds Apple Mac, iPad fab in staff safety probe

Apple is back in the crosshairs of human rights groups, which claim the corporation has not done enough to stamp out alleged mistreatment of workers at iThing factories. China Labor Watch and Green America claim that a joint investigation has uncovered dangerous conditions and excessive working hours at a plant that produces …
Shaun Nichols, 04 Sep 2014

Satellite weather forecast: Cloudy with a chance of p0wnage

Weather predictions could be thrown into chaos if miscreants exploited a litany of dangerous and years-old holes reported in ground control for the Joint Polar Satellite System (JPSS). The flaws, of which 12,703 are considered high risk, have been detailed in a US Government audit report that examined the state of security of …
Darren Pauli, 11 Sep 2014

Emoticons blast three security holes in Pidgin :-(

Cisco researchers have reported a trio of vulnerabilities in popular instant messaging client Pidgin that allow for denial of service by way of emoticon abuse and remote arbitrary file creation. Researchers Yves Younan and Richard Johnson say the flaws have since been quietly patched, but rated a maximum CVSS score of 6.4 but …
Darren Pauli, 10 Nov 2014

UK Cabinet Office's £200m IT bonanza: I got 999 contracts but a pitch ain't won (yet)

The UK government is seeking as many as 999 firms to provide a raft of tech services across the public sector, according to a contract notice in the Official Journal of the European Union. The Cabinet Office, acting via government procurement body Crown Commercial Services, is splitting the Technology Services framework into 11 …
Paul Kunert, 05 Nov 2014

Another Samsung supplier fingered in new 'child labor' probe

Samsung is once again under fire from a watchdog that claims the South Korean leviathan sources components from suppliers that employ child laborers. China Labor Watch (CLW) on Thursday identified a factory called Shinyang Electronics, located in Dongguan, China, that it alleges hires children to work long hours for little pay …
Neil McAllister, 10 Jul 2014

Auditors blast Blighty cops over binned multi-million pound IT project

A new report has been highly critical of a failed £15m IT project for Surrey Police that was eventually binned by the cops. Auditors Grant Thornton published the report today on behalf of the government's Audit Commission, which said the Surrey Integrated Reporting Enterprise Network (SIREN) project had been “poorly managed”, “ …

Burned by DigiNotar, Mozilla tells cert cops to audit security

Mozilla has directed all web authentication authorities trusted by its software to conduct security audits to ensure they aren't being abused to issue counterfeit secure sockets layer certificates. Thursday's note from Kathleen Wilson, who oversees the certificate authorities included in the Firefox browser and Thunderbird …
Dan Goodin, 08 Sep 2011

Seven Apple Store staff cuffed in alleged $500k stolen iPhone scam bust

Seven Apple store employees, and a worker at Best Buy, have been arrested and charged in Florida for allegedly selling stolen iPhones. The seven Cook & Co staffers worked at the Apple Store in Fort Lauderdale, and are accused of working with phone thieves to exchange 600 stolen mobes for legitimate handsets. Police estimate the …
Iain Thomson, 15 Aug 2014

Care Bears... share: NHS England promises to heal careless data-sharing plans

NHS England is still reeling from accusations that the health service – among other things – allowed a consultancy outfit to pump sensitive patient data onto Google servers. Critics have argued that the apparently carefree and careless approach to sharing hospital records with private companies simply highlighted that a cautious …
Kelly Fiveash, 06 Mar 2014

Linux Foundation flings two full-time developers at OpenSSL

The Linux Foundation's new elite tech repair team has named its initial areas of focus as it works to find and seal holes in widely-used open source software. The Linux Foundation announced on Thursday that members of the "Core Infrastructure Initiative" (CII) will dedicate resources to working on the Network Time Protocol, …
Jack Clark, 29 May 2014

Apple finance overlord Oppenheimer: I love Apple, but I gotta get this pilot licence. See ya

Apple's chief bean counter Peter Oppenheimer – the man who has been a constant during Apple's dark pre-iPod days and amid the meteoric rise since – is to call it a day at the end of September. The Cupertino finance lord manages all the grey aspects of the colourful tech vendor's biz including treasury, information systems, …
Paul Kunert, 04 Mar 2014

Luxembourg: Engine-room of the tax-break economy

Four high-profile audit firms have been named-and-shamed as architects of a tax minimisation structure used by hundreds of the world's big-name companies, including a slew in the tech sector. The International Consortium of Investigative Journalists has published details of how the structure worked, along with identifying many …

Pharmacist caught spying on friends' med records fined £1,000

A pharmacist who unlawfully spied on family and friends’ medical records has received a modest fine after he was convicted of data protection offences. Harkanwarjit Dhanju, 50, was convicted of unlawfully accessing the medical records of family members, work colleagues and local health professionals while working as a "sessional …
John Leyden, 14 Nov 2014

US taxmen won't say WHY they're probing Microsoft. So Redmond is suing the IRS

The US Internal Revenue Service has been digging into Microsoft's tax records from 2004 through 2009, and Redmond has filed a lawsuit against the government to find out why. In documents [PDF] filed with the US District Court of the District of Columbia on Monday, Microsoft alleges that the IRS has failed to respond to a Freedom …
Neil McAllister, 24 Nov 2014

Home Depot ignored staff warnings of security fail laundry list

Home Depot is facing claims it ignored security warnings from staff, who say prior to its loss of 56 million credit cards, it failed to update anti virus since 2007, did not consistently monitor its network for signs of attack, and failed to properly audit its eventually-hacked payment terminals. The fixer-upper retail giant …
Darren Pauli, 22 Sep 2014

Did HP just tip its hand on Autonomy? Spoiler: It was a busted flush

Autonomy has come under fire for a software deal between itself, reseller MicroTechnologies, and the Vatican – but all is not as it seems. A report published by Reuters on Friday attempted to shed light on HP-owned Autonomy's strange deal to sell technology worth $11.55m to MicroTechnologies, which was bidding on a contract to …
Jack Clark, 18 Jul 2014

Police get ready for body parts audit

UK police forces are steeling themselves for an audit of body parts. The grim task will enable forces to take stock of the parts collected as evidence over the years and release to relatives those parts no longer needed for legal purposes. The need arises first and foremost because body parts form are also evidence at a crime …
Jane Fae Ozimek, 08 Nov 2010

UK.gov's flagship infosec program ISN'T DELIVERING - but all's still well, say auditors

The UK's National Cyber Security Programme is not yet delivering on its much-vaunted economic benefits but is still a worthwhile exercise, according to a report by government auditors. An update by the National Audit Office for Parliament's Public Accounts Committee on the government’s National Cyber Security Programme said that …
John Leyden, 12 Sep 2014

Facebook doubles ad-hacking bounty

Facebook has doubled the cash it will pay out to folks who report holes in its advertising code. The bounty will rise in a bid to entice hackers to report bugs found in its ads code following an internal security audit that squashed an undisclosed number of vulnerabilities. Security engineer Collin Greene said the Zucker-empire …
Darren Pauli, 17 Oct 2014

Did you swipe your card through one of these UPS Store tills? You may have been pwned

UPS has discovered an outbreak of debit and credit-card-reading malware in 51 of its branches in the US. Exactly which strain of malware was involved is not known; a spokesperson told The Register today: "We're still investigating the infection." It's hoped the identity of the malware will be revealed once that probe is complete …

Lovers of Tor can now sprinkle Bitcoins on its developers as thanks

The folks behind web privacy tool Tor will now accept donations in Bitcoins. The project, which attempts to anonymize connections across the internet, will team up with payment biz Bitpay to allow users to donate using the crypto-currency; BTC contributions will be ultimately converted into dollars for the developers' coffers …
Shaun Nichols, 18 Dec 2013

‘Scapegoated’ BBC tech boss calls foul, kicks off unfair sacking tribunal

The BBC’s former technology chief John Linwood claims he was made a scapegoat for the collapse of the Digital Media Initiative – the corporation’s £125m media sharing and archiving project that was axed a year ago with nothing to show for it. Linwood was placed on gardening leave (on full £287,000 pa pay) as the project was put …
Andrew Orlowski, 07 May 2014

TrueCrypt considered HARMFUL – downloads, website meddled to warn: 'It's not secure'

The website of popular drive-encryption software TrueCrypt has been ripped up and replaced with a stark warning to not use the crypto-tool. It's also distributing a new version of the software, 7.2, which appears to have been compromised. It's feared the project, run by a highly secretive team of anonymous developers, has been …
Neil McAllister, 28 May 2014

Tech Data: UK accounting errors cost us $27m

Tech Data (TD) has turned to "external experts" to beef up fraud detection measures after it emerged that righting accounting wrongs at its UK sub had wiped $27m (£16.55m) off net profits for the last three years. The restatement equates to three per cent of income made during fiscal '11, '12 and '13, the periods that forensic …
Paul Kunert, 05 Feb 2014

Storage, chip slingers pledge allegiance to Linux, open source

As LinuxCon 2014 kicks off this week in Chicago, the Linux Foundation has announced that it has won new support from across the technology industry, including several hardware companies. The nonprofit organization said on Wednesday that SanDisk, Seagate, and Western Digital have become Linux Foundation members, all three of …
Neil McAllister, 21 Aug 2014

Police National Database will have audit trail

A code of practice for the forthcoming Police National Database says that an audit trail will be created to tackle abuse. Chief police officers will be responsible for auditing the activity of their own officers and no user should audit their own activities, says the document, presented to Parliament on 17 March 2010 by the …
Kable, 18 Mar 2010

Microsoft compliance police to NHS: We want your money

Microsoft is playing hardball with the NHS, threatening trusts and authorities with drastically increased software payments over claimed licence violations. The tough talking comes more than a year after an organisational shift began across the NHS (April '13) saw some Primary Care Trusts and strategic health authorities …
Paul Kunert, 27 Jun 2014

Auditors find encrypted chat client TextSecure is secure

Popular text and instant messaging client TextSecure would offer excellent security ... if it patched an attack vector found by a German research team conducting the first audit of the software. The app was downloaded half a million times from the Android play store and was built into the popular Cyanogenmod Android operating …
Darren Pauli, 03 Nov 2014

Home Office threw £347m in the bin on failed asylum processing IT project

The Home Office frittered away hundreds of millions of taxpayer pounds on a botched tech project designed to manage immigration and asylum applications, a National Audit Office report has revealed. The "flagship" IT programme, the Immigration Case Work computer system, was launched in 2010 to replace fragmented systems and pull …
Paul Kunert, 22 Jul 2014