An interesting logging regulation that doesn’t apply to Windows event logs…

I was browsing around looking for logging regulations and stumbled across this. It’s the United States’ federal regulation on EDRs – Event Data Recorders – installed in automobiles. EDRs are little log engines, like the “black box” flight data recorders on commercial airliners. They are typically part of the airbag system on an automobile. They…

If you’re gonna herd bots, do it from New Zealand!

A judge in New Zealand declined to convict the admitted (guilty plea) botherder of a million-bot botnet, citing the negative consequences a conviction would have on the young man’s future prospects.  See the story here. Well duh.  The whole theory of crime and punishment is that if you do something bad, you get punished, and…

German court bans retention of logged IP addresses

A German court has ruled that a government web site may not retain IP addresses and other personally identifiable information (PII) in their logs for any longer than the user is actually using the site. The judges pointed out that in many cases it was simple to map an IP address to an identity with…

Ensuring that there’s no useful data in your logs…

As I wrote about earlier, TorrentSpy, a file-sharing search engine, was ordered by a U.S. magistrate to enable logging on its servers and to subsequently make those logs available to the MPAA, the plaintiff in an illegal file-sharing lawsuit against TorrentSpy.  They have lost their appeals and as a result have decided to block US…

United Kingdom passes EC telecom-logging legislation

To comply with EC telecommunications logging directives (as other EU nations recently have), the UK has passed a law requiring that, starting October 1, telecommunications firms generate and retain logs of landline and mobile communications for one year. http://www.out-law.com/page-8332 http://www.jisclegal.ac.uk/publications/dataretention.htm VoIP calls are not covered by the new law.

Draft law in Germany may force telcos & ISPs to gather logs; Gmail Germany may shut down as a result

A draft law (English translation) being proposed in Germany to enforce the European Mandatory Data Retention Directive of 2006 would require telcos, ISPs, and email service providers to track and retain data  necessary to trace and identify the source, destination, date, time, duration, type, and communication device for any fixed network telephony, mobile telephony, Internet access, Internet…

*Not* generating logs is not an option… when you’re under subpoena

Working as I do for a company that exists because of copyright, I’m not particularly sympathetic to TorrentSpy, a search engine company that is accused by the Motion Picture Association of America (MPAA) of helping to enable copyright infringement by making it easier to find content on the BitTorrent file sharing network. How does this pertain…

Auditing and the Payment Card Industry (PCI) Data Security Standard

Here is a link to an interesting blog article interpreting the audit requirement of the PCI standard.   For reference, here is a link (pdf) to the PCI 1.1 Data Security Standard itself.   The high-level PCI requirements are listed below.  Requirement 10 is the requirement pertaining to audit.   Build and Maintain a Secure…

Logs and the US Department of Justice Cybercrime Manual

Source: http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm Here is the most relevant excerpt; highlighting is mine. Records of regularly conducted activity. A memorandum, report, record, or data compilation, in any form, of acts, events, conditions, opinions, or diagnoses, made at or near the time by, or from information transmitted by, a person with knowledge, if kept in the course of a…
