Christmas - Kids and Hackers Love This Time of Year

December 06, 2013
When people think of Christmas, most of them imagine family gatherings and good times. We often forget that from the end of Thanksgiving to the beginning of the year, the U.S. spends billions of additional dollars on merchandise that otherwise would have stayed on the shelves. We sometimes forget that hackers love this season as well.

Auditing File Shares with the Windows Security Log

November 20, 2013
Over the years, security admins have repeatedly asked me how to audit file shares in Windows. Until Windows Server 2008, there were no specific events for file shares.

Thieves Tried to Steal Credit Cards from Nordstrom

October 18, 2013
The department store giant garnered unwanted attention earlier this month when they announced that a Florida store fell victim to a team of thieves who attached extremely small devices called key loggers in line with their keyboards where they plug into the registers.

PCI 3.0 Is Coming - Are You Ready?

October 04, 2013
Every 3 years the Payment Card Industry Data Security Standard (PCI) is updated to a new version. The time for the next release is right around the corner. Are you ready?

Can Your Point of Sale Be Compliant after the End of Microsoft XP?

September 13, 2013
From a PCI compliance standpoint, merchants using Windows XP will have problems maintaining compliance because they cannot keep their operating systems patched to protect themselves from the latest vulnerabilities. On the flip side, there are many Point of Sale (POS) software packages that have only been validated using Windows XP, and if another operating system is used instead, it will violate the official implementation guide (and thus fall out of compliance). Our customers have been asking us for guidance, so we did a little research.

Does Your Call for Help Bring Hackers to Your Door?

July 19, 2013
There is a new trend facing people who rely on help desks. Hackers are targeting help desks because they know that the people who provide you support have the access into your systems that they want to exploit.

Following a User’s Logon Tracks throughout the Windows Domain

July 17, 2013
What security events get logged when a user logs on to their workstation with a domain account and proceeds to run local applications and access resources on servers in the domain?

What did Ben Franklin really mean?

July 03, 2013
In the aftermath of the disclosure of the NSA program called PRISM by Edward Snowden to a reporter at The Guardian, commentators have gone into overdrive, and the most iconic quote is one attributed to Benjamin Franklin: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”

Balancing Privacy and Security

May 31, 2013
In the wake of the most recent terrorist bombing in Boston, it is easy to understand why some people would be willing to sacrifice a few liberties to the government in favor of more security. A common train of thought is that an honest person does not have anything to hide, so the intrusion into our private lives is really a minor thing. In a Utopian society, I would tend to agree with that sentiment, but we live somewhere else.

Square Cash - A Money Transfer Game Changer?

May 24, 2013
Square strives to make financial transactions simple enough that the average person on the street can participate. Before Square, a regular person without a bank-supplied merchant account could not take credit cards. Today, Square allows everyone with a smartphone to accept credit cards, and now the company is focusing on another market – person-to-person cash payments.

Internet Explorer 8 - People Still Love It, But There’s a Problem

April 26, 2013
This type of issue with a browser is so damaging because computer hackers who take advantage of it can execute malicious code on the affected machines without the user needing to download anything and without any indication that the machine has been compromised. All a user has to do to be infected is visit a website that has a malicious script embedded in it, and voilà, you have been hacked!

Hackers May Just Look to Embarrass You

March 29, 2013
When you think about electronic security, what comes to mind? Do you consider how vulnerable your customer credit cards are, or how easily someone can break into your on-line bank account? These are the most profitable avenues of attack that thieves usually focus on, but occasionally, cybercriminals are motivated by something besides greed.

How to Use Process Tracking Events in the Windows Security Log

March 03, 2013
I think one of the most underutilized features of Windows Auditing and the Security Log is Process Tracking events. In Windows 2003/XP you get these events by simply enabling the Process Tracking audit policy.

Universal Plug and Play - New Report on an Old Problem

February 22, 2013
In the dark ages of personal computers (the 1980s and ’90s), you either needed to be a computer geek or have access to one if you wanted any device to work with your computer. You had to go through a complicated driver installation process, and possibly replace system files. My, how the world has changed.

Do Hackers Fear U.S. Jails?

January 18, 2013
In what should only be considered a victory for the U.S. DOJ, 2 of the 4 alleged Subway hackers responsible for potentially $10 million in computer fraud have been sentenced, and the trial of 1 of the remaining criminals is set to begin shortly.

SIEM: Security, Incident AND Event MANAGEMENT, not Monitoring!

January 01, 2013
Unfortunately, IT is not perfect; nothing in our world can be. Compounding the inevitable failures and weaknesses in any system designed by fallible beings are those with malicious or larcenous intent who search for exploitable system weaknesses.

Why are Workstation Security Logs so Important?

January 01, 2013
No one needs to be convinced that monitoring Domain Controller security logs is important; member servers are equally important, and most people understand that member servers are where “our data” is located.

The Key Difference between “Account Logon” and “Logon/Logoff” Events in the Windows Security Log

January 01, 2013
An area of audit logging that is often confusing is the difference between two categories in the Windows security log: Account Logon events and Logon/Logoff events. These two categories are related but distinct, and the similarity in the naming convention contributes to the confusion.

The Art of Detecting Malicious Activity with Logs

January 01, 2013
Randy Franklin Smith compares methods for detecting malicious activity from logs including monitoring for high impact changes, setting up tripwires and anomalous changes in activity levels. Security standards and auditors make much of reviewing logs for malicious activity.

Logs for Insider Abuse Investigations

January 01, 2013
In most previous newsletters, we have discussed the use of logging for various regulatory mandates (such as PCI DSS, HIPAA and FISMA) as well as the use of logs for incident response and malicious software tracking. This log data can also be incredibly useful for detecting and investigating insider abuse and internal attacks.

Detecting Zeus, Logging for incident response, and more

January 01, 2013
Preparing the infrastructure: From all the uses for log data across the spectrum of security, compliance, and operations, using logs for incident response presents a truly universal scenario – you can be forced to use logs for incident response at any moment, whether you’re prepared or not.

5 cyber security myths, the importance of time synchronization, and more

January 01, 2013
Time won't give me time: The importance of time synchronization for Log Management

100 Log Management uses #29 Detecting XSS attacks

January 01, 2013
The number 1 vulnerability on the OWASP list is cross-site scripting, or XSS. XSS seems to have replaced SQL injection as the new favorite of web attackers. We look at using web server logs to detect signs of these XSS attacks.

The EPS Myth

January 01, 2013
Often when I engage with a prospect, their first question is “How many events per second (EPS) can EventTracker handle?” People tend to confuse EPS with scalability, so simply giving back a large enough number (usually larger than the one quoted by the previous vendor they spoke with) convinces them that your product is, indeed, scalable.

The 5 W’s of Security Management

January 01, 2013
I’ve seen it happen about a thousand times if I’ve seen it once. A high-profile project ends up in a ditch because there wasn’t a proper plan defined AHEAD of time.