Windows Security Logging and Other Esoterica

thoughts from the Windows auditing team

  • Blog Post: ACS' first bug from being too performant

    We got several reports recently of a bug in ACS that certain DS Access events, primarily for dnsNode and dnsZone objects, don't properly get looked up. Some background: the event log in Windows prefers to log invariants such as message IDs, parameter message IDs, SIDs (security IDs which represent...
  • Blog Post: Shameless Self-Promotion

    There's one topic that I know is on everyone's mind - no, not American Idol - it's "What's new in Auditing in Windows Server 2008?" Well, funny that you brought that up. My friend Jesper Johansson just wrote a new book, the Windows Server 2008 Security Resource Kit, and he invited me to write a chapter...
  • Blog Post: ACS Tidbits

    Well there has been a lot happening on my old project, ACS (Audit Collection Services, a feature of System Center Operations Manager 2007). Two more of our partners, Enterprise Certified and NetPro, have released compliance solutions on top of ACS. Another of our partners with ACS-based compliance...
  • Blog Post: German court bans retention of logged IP addresses

    A German court has ruled that a government web site may not retain IP addresses and other personally identifiable information (PII) in their logs for any longer than the user is actually using the site. The judges pointed out that in many cases it was simple to map an IP address to an identity with...
  • Blog Post: Ensuring that there's no useful data in your logs...

    As I wrote about earlier, TorrentSpy, a file-sharing search engine, was ordered by a U.S. magistrate to enable logging on its servers and to subsequently make those logs available to the MPAA, the plaintiff in an illegal file-sharing lawsuit against TorrentSpy. They have lost their appeals and as a result...
  • Blog Post: Voting Machine Logs + e-Government Laws = No Secrets When Voting

    Researchers in the state of Ohio in the United States have discovered that by analyzing the logs produced (by law) from e-voting machines used in certain counties, they can determine the vote(s) each voter made. Further, the logs, by law, must be produced on demand, as part of our open elections process...
  • Blog Post: AT&T Team Up With Apple to Create Large-Scale Log Forwarding System Using Paper & US Postal Service

    http://arstechnica.com/news.ars/post/20070811-iphone-bill-is-surprisingly-xbox-huge-lol.html Fortunately for customers they strip out all the interesting details that would make it useful to, well, anyone.
  • Blog Post: EZ-Pass Logs Used in Divorce Cases

    This one kind of speaks for itself. I guess this is more of a privacy issue than a logging issue. http://www.msnbc.msn.com/id/20216302/ [Edited 2010-08-06 by EricF - fixing broken link]
  • Blog Post: Draft law in Germany may force telcos & ISPs to gather logs; Gmail Germany may shut down as a result

    A draft law (English translation) being proposed in Germany to enforce the European Mandatory Data Retention Directive of 2006 would require telcos, ISPs, and email service providers to track and retain data necessary to trace and identify the source, destination, date, time, duration, type, and communication...
  • Blog Post: *Not* generating logs is not an option... when you're under subpoena

    Working as I do for a company that exists because of copyright, I'm not particularly sympathetic to TorrentSpy, a search engine company that is accused by the Motion Picture Association of America (MPAA) of helping to enable copyright infringement by making it easier to find content on the BitTorrent...
  • Blog Post: We're #294!

    Woohoo! Thank you all for helping push my humble prose into the limelight. Our little community is now in the top 10% of the most accessed blogs on MSDN. We'd probably be a lot higher if I got off my lazy behind and wrote more often. Anyway the monthly stats came out and this is the 294th most frequently...
  • Blog Post: A good 3rd-party reference to the Windows security event log

    Randy Franklin Smith has a site with a very good reference to security event log events. Randy also does training on Windows security log analysis.
  • Blog Post: EU Passes New Log Retention Rule for Telcos

    The BBC reports that the European Parliament has approved rules, as an anti-terror measure, to require telephone companies to retain call and internet records for two years. I do not know if Windows-powered telephony switches exist, but even if they do they probably don't log the desired information...
  • Blog Post: Auditing Flaw in Microsoft SQL Server 2000

    http://support.microsoft.com/default.aspx?scid=kb;en-us;910741