Articles about Audit

TrueCrypt audit: Probe's nearly all the way in ... no backdoor hit yet

The first phase of a crowd-funded audit of TrueCrypt has turned up several vulnerabilities, but nothing particularly amiss and certainly nothing that looks like a backdoor. iSEC Partners, which was contracted to carry out the audit by the Open Crypto Audit Project (OCAP), found 11 vulnerabilities in the full disk and file …
John Leyden, 15 Apr 2014

TrueCrypt audit project founder: 'We've set our sights high'

A TrueCrypt audit project has uncovered a well of technical support with its plans to publicly audit the widely used disk and file encryption utility for the first time. TrueCrypt is a widely used utility that encrypts and decrypts entire drives, partitions or files within a virtual disk. The tool can also hide volumes of data …
John Leyden, 18 Nov 2013

Crowdfunded audit of 'NSA-proof' encryption suite TrueCrypt is GO

A fundraising effort to pay for an independent, professional security audit of TrueCrypt, the popular disk encryption utility, has raised enough money to pay for an arguably long overdue audit of the security software. TrueCrypt is a widely used utility that encrypts and decrypts entire drives, partitions or files within a …
John Leyden, 06 Nov 2013

VMware's tool to harden virtual networks: a spreadsheet

VMware has released a guide to hardening its NSX virtual networking and product. The guide, published online by VMware information security professional Pravin Goyal, covers management, control and data planes. It recommends including audit logs and system events in backups, enabling and securing remote logging for the NSX …
Darren Pauli, 14 Oct 2014

National Audit Office tears government's savings claims in HALF

The National Audit Office has questioned the Cabinet Office's weighty ICT savings claims and revealed it still does not know how many small biz suppliers are winning public sector contracts. Minister Francis Maude's merry band claims it saved taxpayers £702m on tech and comms spending in fiscal 2012 ended March - £354m through …
Paul Kunert, 23 Jan 2013
The Register breaking news

Security audit finds dev OUTSOURCED his JOB to China to goof off at work

A security audit of a US critical infrastructure company last year revealed that its star developer had outsourced his own job to a Chinese subcontractor and was spending all his work time playing around on the internet. The firm's telecommunications supplier Verizon was called in after the company set up a basic VPN system with …
Iain Thomson, 16 Jan 2013

Ten years on, TEN PER CENT of retailers aren't obeying CAN-SPAM

One in 10 of the world’s largest online retailers are still violating the CAN-SPAM Act, a full 10 years after the US anti-spam legislation went into effect. The finding comes from an audit by the Online Trust Alliance (OTA), a non-profit with the mission to enhance online trust. They also found that 70 per cent of 200 online …
John Leyden, 18 Sep 2014

China hacked US Army transport orgs TWENTY TIMES in ONE YEAR

Sophisticated Beijing-backed hackers raided civilian organisations responsible for the movements of US troops and equipment 20 times in one year of which only two were detected by the responsible agency, an audit report has found. Contractors underneath the US Transportation Command (TRANSCOM) agency were hacked a total of 50 …
Darren Pauli, 18 Sep 2014

Child labour, lost wages uncloaked by Apple factories audit

Apple has for the first time released a complete list of its suppliers [PDF], publishing the names of 156 companies who make the parts for everything from Macbook screens to iPad covers. The list includes well-publicised contracts, such as Apple's mega deals with Samsung and LG, as well as more obscure deals with smaller …
Anna Leach, 16 Jan 2012

Facebook spurns privacy probe as 'routine audit'

Facebook's international headquarters are in Dublin, Ireland, where the company just so happens to face a regulatory probe into the handling of personal data on the social network. According to the RTE, the Irish data protection commissioner will carry out a privacy audit of the site in November. That's potentially a big deal, …
Kelly Fiveash, 30 Sep 2011

Labour vows: We'll pause one-dole-to-rule-them-all for drastic fix-up if elected in 2015

The Labour Party has promised to put the brakes on the deeply troubled Universal Credit system for three months if it gets into government next year. During that time, shadow work and pensions minister Rachel Reeves said that Labour would urge the National Audit Office to conduct a review of the lumpen welfare reform programme. …
Kelly Fiveash, 24 Jun 2014

Acer writes off $150m as audit finds 'abnormalities'

Acer CEO and Chairman JT Wang has relinquished his remuneration package including bonuses from 2010 after the firm unearthed "abnormalities" in channel inventory across EMEA that will cost it US $150m (£91m) to write off. The Taiwanese giant will also cut board directors' pay packages by 50 per cent, ask staff to take a 40 per …
Paul Kunert, 01 Jun 2011

US Social Security 'wasted $300 million on an IT BOONDOGGLE'

Members of the US Congress are demanding answers from the Social Security Administration (SSA) over an ongoing IT project that has racked up a $288m bill without deploying a field-ready product. A trio of representatives from the House Oversight Committee said in a letter to the SSA that they had "serious problems" with the way …
Shaun Nichols, 24 Jul 2014

TrueCrypt hooked to life support in Switzerland: 'It must not die' say pair

Two programmers hope to resurrect development of disk-encryption tool TrueCrypt after its original developers quit the project. The official TrueCrypt.org website abruptly shut up shop last week ostensibly because its secretive maintainers felt they could no longer keep the software secure. They blamed the Microsoft's …
John Leyden, 04 Jun 2014

SHOCK HORROR: Oz's biggest govt agencies to miss infosec deadline

Australia's largest government agencies will miss a July deadline to implement even basic information security controls. The Australian National Audit Office's (ANAO's) annual report says that the country's biggest government agencies won't deploy Defence-issued controls to implement fast patching and organisation-wide …
Darren Pauli, 25 Jun 2014

Wales Audit Office boss sacked amidst laptop smut claims

Jeremy Colman, Auditor General for Wales has resigned from his £170,000 a year post after porn material was allegedly found on his laptop. In fact, the post is in the gift of the Queen, so his resignation has been forwarded on to her. The National Assembly is now looking for an interim successor. His laptop was seized, The …
John Oates, 04 Feb 2010

Flaming heck! Watchdog scolds Apple Mac, iPad fab in staff safety probe

Apple is back in the crosshairs of human rights groups, which claim the corporation has not done enough to stamp out alleged mistreatment of workers at iThing factories. China Labor Watch and Green America claim that a joint investigation has uncovered dangerous conditions and excessive working hours at a plant that produces …
Shaun Nichols, 04 Sep 2014

Satellite weather forecast: Cloudy with a chance of p0wnage

Weather predictions could be thrown into chaos if miscreants exploited a litany of dangerous and years-old holes reported in ground control for the Joint Polar Satellite System (JPSS). The flaws, of which 12,703 are considered high risk, have been detailed in a US Government audit report that examined the state of security of …
Darren Pauli, 11 Sep 2014

Another Samsung supplier fingered in new 'child labor' probe

Samsung is once again under fire from a watchdog that claims the South Korean leviathan sources components from suppliers that employ child laborers. China Labor Watch (CLW) on Thursday identified a factory called Shinyang Electronics, located in Dongguan, China, that it alleges hires children to work long hours for little pay …
Neil McAllister, 10 Jul 2014

Auditors blast Blighty cops over binned multi-million pound IT project

A new report has been highly critical of a failed £15m IT project for Surrey Police that was eventually binned by the cops. Auditors Grant Thornton published the report today on behalf of the government's Audit Commission, which said the Surrey Integrated Reporting Enterprise Network (SIREN) project had been “poorly managed”, “ …

Seven Apple Store staff cuffed in alleged $500k stolen iPhone scam bust

Seven Apple store employees, and a worker at Best Buy, have been arrested and charged in Florida for allegedly selling stolen iPhones. The seven Cook & Co staffers worked at the Apple Store in Fort Lauderdale, and are accused of working with phone thieves to exchange 600 stolen mobes for legitimate handsets. Police estimate the …
Iain Thomson, 15 Aug 2014

Care Bears... share: NHS England promises to heal careless data-sharing plans

NHS England is still reeling from accusations that the health service – among other things – allowed a consultancy outfit to pump sensitive patient data onto Google servers. Critics have argued that the apparently carefree and careless approach to sharing hospital records with private companies simply highlighted that a cautious …
Kelly Fiveash, 06 Mar 2014

Burned by DigiNotar, Mozilla tells cert cops to audit security

Mozilla has directed all web authentication authorities trusted by its software to conduct security audits to ensure they aren't being abused to issue counterfeit secure sockets layer certificates. Thursday's note from Kathleen Wilson, who oversees the certificate authorities included in the Firefox browser and Thunderbird …
Dan Goodin, 08 Sep 2011

Linux Foundation flings two full-time developers at OpenSSL

The Linux Foundation's new elite tech repair team has named its initial areas of focus as it works to find and seal holes in widely-used open source software. The Linux Foundation announced on Thursday that members of the "Core Infrastructure Initiative" (CII) will dedicate resources to working on the Network Time Protocol, …
Jack Clark, 29 May 2014

Apple finance overlord Oppenheimer: I love Apple, but I gotta get this pilot licence. See ya

Apple's chief bean counter Peter Oppenheimer – the man who has been a constant during Apple's dark pre-iPod days and amid the meteoric rise since – is to call it a day at the end of September. The Cupertino finance lord manages all the grey aspects of the colourful tech vendor's biz including treasury, information systems, …
Paul Kunert, 04 Mar 2014

Home Depot ignored staff warnings of security fail laundry list

Home Depot is facing claims it ignored security warnings from staff, who say prior to its loss of 56 million credit cards, it failed to update anti virus since 2007, did not consistently monitor its network for signs of attack, and failed to properly audit its eventually-hacked payment terminals. The fixer-upper retail giant …
Darren Pauli, 22 Sep 2014

Did HP just tip its hand on Autonomy? Spoiler: It was a busted flush

Autonomy has come under fire for a software deal between itself, reseller MicroTechnologies, and the Vatican – but all is not as it seems. A report published by Reuters on Friday attempted to shed light on HP-owned Autonomy's strange deal to sell technology worth $11.55m to MicroTechnologies, which was bidding on a contract to …
Jack Clark, 18 Jul 2014

UK.gov's flagship infosec program ISN'T DELIVERING - but all's still well, say auditors

The UK's National Cyber Security Programme is not yet delivering on its much-vaunted economic benefits but is still a worthwhile exercise, according to a report by government auditors. An update by the National Audit Office for Parliament's Public Accounts Committee on the government’s National Cyber Security Programme said that …
John Leyden, 12 Sep 2014

Facebook doubles ad-hacking bounty

Facebook has doubled the cash it will pay out to folks who report holes in its advertising code. The bounty will rise in a bid to entice hackers to report bugs found in its ads code following an internal security audit that squashed an undisclosed number of vulnerabilities. Security engineer Collin Greene said the Zucker-empire …
Darren Pauli, 17 Oct 2014

Did you swipe your card through one of these UPS Store tills? You may have been pwned

UPS has discovered an outbreak of debit and credit-card-reading malware in 51 of its branches in the US. Exactly which strain of malware was involved is not known; a spokesperson told The Register today: "We're still investigating the infection." It's hoped the identity of the malware will be revealed once that probe is complete …

Police get ready for body parts audit

UK police forces are steeling themselves for an audit of body parts. The grim task will enable forces to take stock of the parts collected as evidence over the years and release to relatives those parts no longer needed for legal purposes. The need arises first and foremost because body parts are also evidence at a crime …
Jane Fae Ozimek, 08 Nov 2010

‘Scapegoated’ BBC tech boss calls foul, kicks off unfair sacking tribunal

The BBC’s former technology chief John Linwood claims he was made a scapegoat for the collapse of the Digital Media Initiative – the corporation’s £125m media sharing and archiving project that was axed a year ago with nothing to show for it. Linwood was placed on gardening leave (on full £287,000 pa pay) as the project was put …
Andrew Orlowski, 07 May 2014

Lovers of Tor can now sprinkle Bitcoins on its developers as thanks

The folks behind web privacy tool Tor will now accept donations in Bitcoins. The project, which attempts to anonymize connections across the internet, will team up with payment biz Bitpay to allow users to donate using the crypto-currency; BTC contributions will be ultimately converted into dollars for the developers' coffers …
Shaun Nichols, 18 Dec 2013

TrueCrypt considered HARMFUL – downloads, website meddled to warn: 'It's not secure'

The website of popular drive-encryption software TrueCrypt has been ripped up and replaced with a stark warning to not use the crypto-tool. It's also distributing a new version of the software, 7.2, which appears to have been compromised. It's feared the project, run by a highly secretive team of anonymous developers, has been …
Neil McAllister, 28 May 2014

Tech Data: UK accounting errors cost us $27m

Tech Data (TD) has turned to "external experts" to beef up fraud detection measures after it emerged that righting accounting wrongs at its UK sub had wiped $27m (£16.55m) off net profits for the last three years. The restatement equates to three per cent of income made during fiscal '11, '12 and '13, the periods that forensic …
Paul Kunert, 05 Feb 2014

Storage, chip slingers pledge allegiance to Linux, open source

As LinuxCon 2014 kicks off this week in Chicago, the Linux Foundation has announced that it has won new support from across the technology industry, including several hardware companies. The nonprofit organization said on Wednesday that SanDisk, Seagate, and Western Digital have become Linux Foundation members, all three of …
Neil McAllister, 21 Aug 2014

Microsoft compliance police to NHS: We want your money

Microsoft is playing hardball with the NHS, threatening trusts and authorities with drastically increased software payments over claimed licence violations. The tough talking comes more than a year after an organisational shift that began across the NHS (April '13) saw some Primary Care Trusts and strategic health authorities …
Paul Kunert, 27 Jun 2014

Home Office threw £347m in the bin on failed asylum processing IT project

The Home Office frittered away hundreds of millions of taxpayer pounds on a botched tech project designed to manage immigration and asylum applications, a National Audit Office report has revealed. The "flagship" IT programme, the Immigration Case Work computer system, was launched in 2010 to replace fragmented systems and pull …
Paul Kunert, 22 Jul 2014

Police National Database will have audit trail

A code of practice for the forthcoming Police National Database says that an audit trail will be created to tackle abuse. Chief police officers will be responsible for auditing the activity of their own officers and no user should audit their own activities, says the document, presented to Parliament on 17 March 2010 by the …
Kable, 18 Mar 2010

HP 'KNEW' about Autonomy's hardware sales BEFORE the whistle blew: report

HP knew about Autonomy's hardware and reseller sales long before a whistleblower pointed them out and the company wrote down its acquisition by $8.8bn, the Financial Times has claimed (paywall), citing emails and Deloitte audit reports. HP has accused Autonomy of "accounting improprieties, misrepresentations and disclosure …

UK fraud squad bends over Serco, G4S for 'phantom crims' probe

The UK's Serious Fraud Office (SFO) has launched a criminal investigation into contractors Serco and G4S after an audit allegedly suggested the companies were massively overcharging for the electronic tagging of offenders. Sources in government told The Guardian that the two firms billed Blighty for monitoring at least 18,000 …
Iain Thomson, 05 Nov 2013

TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead

The TrueCrypt project abruptly imploded on Wednesday – leaving folks in the infosec world scratching heads and scrambling to recommend alternatives. In the past hour, crypto-guru Bruce Schneier has told us he's switched back to Symantec's PGPDisk to encrypt his data. "I have no idea what's going on with TrueCrypt," he added on …
John Leyden, 29 May 2014

NAO slaps down Cabinet Office gov-IT savings claims AGAIN

There are lies, damned lies and Cabinet Office statistics which give the impression that the Efficiency and Reform Group are achieving much more dramatic ICT savings than they actually are. Or so says a National Audit Office report, which again criticised the processes used to calculate how much money Government Digital Services …
Paul Kunert, 17 Jul 2014

NHS slammed for MAJOR data blunders as scale of patient info sell-off is revealed

The NHS struck four "data-sharing" deals with three re-insurance companies that allowed them access to patient information under agreements that don't expire until 2015 and 2016. That's among the shocking findings of a review of data released by the NHS Information Centre - the predecessor to the Health and Social Care …
Kelly Fiveash, 17 Jun 2014

El Reg is looking for a new London sub-editor

The Register is looking for a new sub-editor to work in our London newsroom. The Register is the world's first technology tabloid and has been published exclusively online since before that was technically even possible. Our latest ABCe audit confirmed more than 9 million monthly unique browsers worldwide, including just about …
Lewis Page, 03 Jul 2014

Reading this headline? You and 9.47 million others

It's January again: and that means it's time for our annual letter from the Audit Bureau of Circulation, telling us Vultures how we did in our regular November audit of site traffic last year. Without further ado, the scores on the doors: 9,470,181 unique users paid a visit that month, up from 7,326,907 in 2012. That's a climb …
Team Register, 22 Jan 2014

National Audit Office: Open data the key to 'big society'

Parliament's finance watchdog has said that stronger information strategies and more transparent government data will be key to the 'big society' agenda. The delivery of public services by charities, voluntary groups and social enterprises will require a "step change" from earlier attempts to open up government, such as the …

Auditor rains on Bureau of Met's data warehousing parade

An ambitious project to create a single national water database is going to need a complete reboot, with the Australian National Audit Office saying complexity, non-standard approaches and supplier capture caused a multi-million-dollar blowout in the system. The Bureau of Meteorology was given the task of creating the database …

From production to development databases (and back again)

In many organisations, it isn't just the production database that database administrators (DBAs) have to look after. There are several non-production versions, as well. Project teams may need one to develop on, so that they can work in isolation without affecting production. A QA team may need its own version for testing patches …
Robin Birtstone, 28 May 2014

Mozilla CTO Eich: If your browser isn't open source (ahem, ahem, IE, Chrome, Safari), DON'T TRUST IT

Mozilla CTO Brendan Eich has cautioned netizens not to blindly trust software vendors, arguing that only open-source software can be assured to be free from government-mandated surveillance code. "Every major browser today is distributed by an organization within reach of surveillance laws," Eich wrote in a joint blog post with …
Neil McAllister, 14 Jan 2014