Windows Security Logging and Other Esoterica
thoughts from the Windows auditing team
Browse by Tags
All Tags
»
Laws
(RSS)
News
Privacy
Rants
German court bans retention of logged IP addresses
03 October 07 10:53 AM
|
Eric Fitzgerald
|
1 Comments
A German court has ruled that a government web site may not retain IP addresses and other personally identifiable information (PII) in their logs for any longer than the user is actually using the site. The judges pointed out that in many cases it was
Read More...
Ensuring that there's no useful data in your logs...
31 August 07 02:23 PM
|
Eric Fitzgerald
|
0 Comments
As I wrote about earlier, TorrentSpy, a file-sharing search engine, was ordered by a U.S. magistrate to enable logging on its servers and to subsequently make those logs available to the MPAA, the plaintiff in an illegal file-sharing lawsuit against TorrentSpy.
Read More...
United Kingdom passes EC telecom-logging legislation
31 July 07 02:13 PM
|
Eric Fitzgerald
|
0 Comments
To comply with EC telecommunications logging directives (as other EU nations recently have), the UK has passed a law that starting October 1 telecommunications firms must generate and retain logs of landline and mobile communications for one year. http://www.out-law.com/page-8332
Read More...
Good List of Regulatory Requirements for Logging
10 July 07 01:43 PM
|
Eric Fitzgerald
|
4 Comments
My friend Dr. Tina Bird has put together a good list of regulatory requirements that pertain to logging and log retention.
Read More...
Draft law in Germany may force telcos & ISPs to gather logs; Gmail Germany may shut down as a result
26 June 07 04:26 PM
|
Eric Fitzgerald
|
1 Comments
A draft law ( English translation ) being proposed in Germany to enforce the European Mandatory Data Retention Directive of 2006 would require telcos, ISPs, and email service providers to track and retain data necessary to trace and identify the source,
Read More...
*Not* generating logs is not an option... when you're under subpoena
11 June 07 02:10 PM
|
Eric Fitzgerald
|
1 Comments
Working as I do for a company that exists because of copyright, I'm not particularly sympathetic to TorrentSpy, a search engine company that is accused by the Motion Picture Association of America (MPAA) of helping to enable copyright infringement by
Read More...
Auditing and the Payment Card Industry (PCI) Data Security Standard
12 September 06 11:01 AM
|
Eric Fitzgerald
|
1 Comments
Here is a link to an interesting blog article interpreting the audit requirement of the PCI standard. For reference, here is a link ( pdf ) to the PCI 1.1 Data Security Standard itself. The high-level PCI requirements are listed below. Requirement 10
Read More...
Logs and the US Department of Justice Cybercrime Manual
31 August 06 01:39 PM
|
Eric Fitzgerald
|
0 Comments
Source: http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm Here is the most relevant excerpt; highlighting is mine. Records of regularly conducted activity. A memorandum, report, record, or data compilation, in any form, of acts, events, conditions,
Read More...
Logs and the Canadian Rules for Electronic Evidence
31 August 06 01:32 PM
|
Eric Fitzgerald
|
0 Comments
Source: http://laws.justice.gc.ca/en/c-5/232082.html , 8/31/2006 Here are two excerpts from the Canadian national laws pertaining to the introduction of business records and electronic records as evidence in courts of law. Business Records Inference where
Read More...
Search
Go
This Blog
Home
Email
Tags
ACS
Descriptions
HowTo
Laws
News
Previews
Privacy
Rants
SEM
Tips
Tools
Archives
April 2008 (2)
March 2008 (1)
February 2008 (3)
January 2008 (1)
November 2007 (1)
October 2007 (2)
August 2007 (5)
July 2007 (3)
June 2007 (2)
May 2007 (3)
April 2007 (1)
February 2007 (3)
October 2006 (1)
September 2006 (2)
August 2006 (2)
June 2006 (1)
May 2006 (2)
March 2006 (3)
December 2005 (6)
November 2005 (2)
September 2005 (3)
August 2005 (11)
January 2005 (1)
December 2004 (2)
October 2004 (1)
Syndication
RSS 2.0
Atom 1.0