Soon, organizations will be valued on their information portfolios

By 2021, the prevalence of equity analysts valuing organizations’ information portfolios in valuing businesses themselves will spark formal internal information valuation and auditing practices, according to Gartner. In a report containing a series of predictions about the rising importance of data and analytics, Gartner analysts said that although information arguably meets the formal criteria of a business asset, present-day accounting practices disallow organizations from capitalizing it. That is, the value of an organization’s information generally …

Security audit of Dovecot mailserver reveals good security practices

Dovecot – a popular open source IMAP and POP3 server for Linux/UNIX-like systems – is as secure as its developers claim it is. A security audit performed by German security outfit Cure 53 revealed only three minor security issues, and they’ve all already been fixed. The audit, sponsored by Mozilla through its Open Source Support program, was performed by four code and penetration testers over the course of twenty days. They tested version 2.2.26.0 of …

OpenVPN to get two separate security audits

VPN service Private Internet Access (PIA) announced that they have contracted noted and well-reputed cryptographer Dr. Matthew Green to perform a security audit of OpenVPN. However, it seems that there will be two separate security audits of OpenVPN. “On November 22, we saw that an organization called OSTIF had announced that they had wanted to raise money in hopes of auditing OpenVPN 2.4. By the time OSTIF’s OpenVPN audit fundraising drive was announced, we were …

80% of digital publishers don’t know how their web traffic is audited

The burden of proof is on publishers to defend their web traffic, yet 80 percent admit they don’t have insight into how their traffic is audited, raising questions about which traffic is non-human traffic (NHT). Marketers are no longer willing to pay for NHT, with 74 percent of publishers reporting that traffic quality issues are part of pre-sales discussions, and 68 percent stating they have received requests for information (RFIs) with acceptable NHT thresholds. This …

Auditing Elections for Signs of Hacking

Excellent essay pointing out that election security is a national security issue, and that we need to perform random ballot audits on every future election: The good news is that we know how to solve this problem. We need to audit computers by manually examining randomly selected paper ballots and comparing the results to machine results. Audits require a voter-verified…

Election Security

It’s over. The voting went smoothly. As of the time of writing, there are no serious fraud allegations, nor credible evidence that anyone tampered with voting rolls or voting machines. And most important, the results are not in doubt. While we may breathe a collective sigh of relief about that, we can’t ignore the issue until the next election. The…

VeraCrypt security audit reveals many flaws, some already patched

VeraCrypt, the free, open source disk encryption software based on TrueCrypt, has been audited by experts from cybersecurity company Quarkslab. The researchers found 8 critical, 3 medium, and 15 low-severity vulnerabilities, and some of them have already been addressed in version 1.19 of the software, which was released on the same day as the audit report. The code auditing effort analyzed VeraCrypt 1.18 and its bootloaders. “A first step consisted in verifying that the problems …

Quickly audit and adjust SSH server configurations with SSH-audit

SSH-audit is a standalone open source tool for auditing and fixing SSH server configurations. It has no dependencies and will run wherever Python is available. It supports OpenSSH, Dropbear SSH and libssh, and reports on every detail of the tested SSH server, including detailed information about used algorithms and security related information. “For each algorithm, it will state the security level (warning or failure), reasoning behind the assigned state, and historic information about the algorithm’s …

Mozilla will fund code audits for open source software

The Mozilla Foundation has set up the Secure Open Source (SOS) Fund, whose aim is to help open source software projects rid their code of vulnerabilities. “The Fund is part of the Mozilla Open Source Support program (MOSS) and has been allocated $500,000 in initial funding, which will cover audits of some widely-used open source libraries and programs,” Chris Riley, Mozilla’s Head of Public Policy, explained. “But we hope this is only the beginning. …