Showing results for tags 'audit'.

Found 9 results

  1. I want to track process creation on Windows, with the launching arguments, and from what I could see it is possible natively by enabling event ID 4688, but I am having trouble processing what is being logged. It is a single local machine, so I don't have anything fancy to analyze those event logs. Searching on Google I got to software from various companies that deal in that, even ingesting logs from multiple sources, but not only would it be overkill, I don't have a license for any. The problem I have is basically noise, an abundance of entries. The native Windows Event Viewer does offer some filtering, but I don't think it could have been any simpler 😞: one can choose to only see 4688s, but that's about it, with no way to even exclude by path or image name. I thought the "keywords" field could allow me to do it, but it is something else (the outcome of the event trigger, it seems). Since some of you guys are sysadmins, I thought of asking; perhaps you have wanted to do this at some point, or to filter similar event logs, and know how it could be done. I could filter by time, but it would be limiting either way; if at all possible I would prefer having those events logged at all times. I stumbled upon another option to accomplish the logging that involves running the process(es) under a debugger of sorts that hooks the APIs you want, in this case those that lead to the creation of a new process, and then seeing those calls and the parameters used ... Nuts. I think it is better to filter what Windows logs instead. Thanks anyway!
  2. Microsoft is removing non-compete clauses in the U.S. and increasing pay transparency by Usama Jawad Microsoft has announced a bunch of initiatives to improve its employee-related policies. Although the company operates in many countries, the changes apply to its U.S. workforce only for now. The idea behind the four new initiatives is to foster a healthy culture at Microsoft with a focus on employee wellbeing. The first initiative relates to non-compete clauses for employees. For those unaware, this is a contractual agreement that a person should not enter a competition with their employer after their employment period is over. For example, an Xbox engineer can't join the PlayStation engineering team if they leave Microsoft because that would be in direct competition to Xbox. Although Microsoft says that it rarely enforces this clause, it is removing it from almost all U.S. employee contracts and will not enforce it for existing contracts either. The only exception for this is senior leadership, such as partners and executives, who will still be bound by non-compete clauses. The second initiative is about confidentiality provisions in managing workplace disputes. Microsoft has now modified all its U.S. settlement agreement legalese to remove instances of confidentiality provisions. What this means is that employees can come forward and disclose any "alleged conduct that they perceive is illegal discrimination, harassment, retaliation, sexual assault, or a wage and hour violation occurring in the workplace". They will not be told to keep silent on such issues legally. Microsoft is also working on further improving pay transparency. Although the company has publicly posted reports in this area annually since 2014 and it doesn't ask job applicants about their salary history either, it is now going one step further. After January 2023, Microsoft will publicly reveal salary ranges for all its internal and external job postings in the U.S. 
Finally, Microsoft has agreed to a civil rights audit regarding its workplace policies. Naturally, this will be conducted by an external party with the corresponding report published by the end of fiscal year 2023. Microsoft hopes that all four of these initiatives show that its employees "are the heart and soul of our company and our number one priority".
  3. Google commits to solving security problems in open-source projects like Git and Laravel by Usama Jawad After a meeting with U.S. President Joe Biden a few weeks ago, Google announced that it is pledging $100 million towards improving security in open-source projects. Today, it has revealed that it is partnering with the Open Source Technology Improvement Fund (OSTIF) to do just that. Together, the two entities will launch the Managed Audit Program (MAP). Through this initiative, they will increase the depth of security reviews and audits of open-source projects that are widely used by people all over the world. For now, Google has committed to manage security priorities and help fix flaws in eight open-source projects. These are: Git, Lodash, Laravel, Slf4j, Jackson-core, Jackson-databind, Httpcomponents-core, and Httpcomponents-client. Commenting on the partnership, OSTIF had the following to say: "We would like to thank the Google Open Source Security Team for helping us scale our impact to not only find bugs but also fix issues across the open-source ecosystem. From here, we hope to significantly grow operations to support hundreds of projects in the coming few years. To reach this goal, we will need support from the communities that rely on this infrastructure, and improve our data to target the best projects for our work. In the end, we believe these combined efforts will lead to a safer open source environment for everyone." It is important to note that the initial list of MAP projects has 24 items, and they contain notable entries like Electron, React Native, Rails, Joomla, and Angular too. However, they will likely be included in subsequent rounds of MAP as funding for them has not been secured yet.
  4. Twitter will be undergoing a brand safety audit by Usama Jawad Back in December 2020, Twitter announced that it will undergo an accreditation process conducted by the Media Ratings Council (MRC). This will include four areas, namely Viewability, Sophisticated Invalid Traffic Filtration, Audience Measurement, and Brand Safety. Now, Twitter has disclosed that it has finalized the scope of the last assessment from the aforementioned list, and will be undergoing an audit soon. In the first half of this year, Twitter worked with the MRC to determine the scope, sequencing, and timing of each audit, and now it has signed an agreement for the "pre-assessment" of Brand Safety throughout the rest of the year. In this audit, the MRC will assess if Twitter complies with the brand safety standards set by the industry, especially around displaying ads across a variety of places on the platform such as search results, user profiles, and Amplify. The pre-assessment will take several months and will ensure that Twitter is ready for the actual audit in terms of readiness of operations, processes, and methodology. If gaps are identified in terms of potential for improvement, Twitter will work to close them. The date for the audit has not been revealed yet. Twitter has highlighted that as a founding member of the Global Alliance for Responsible Media (GARM), it will also be engaged in improving the ad industry for the better. In the same vein, the company will continue working with the MRC to agree on the scope of the remaining three audits. The next audit that it will be tackling is Audience Measurement. The firm has previously stated that the aim of being accredited by the MRC is to demonstrate its "enduring commitment to transparency".
  5. Facebook will have its hate speech controls audited by Usman Khan Lodhi Facebook has stated that it will subject itself to an audit pertaining to the management of hate speech controls, according to Reuters. This action is being taken to alleviate concerns of advertisers amidst calls for a boycott of the platform, as major advertisers, namely Unilever and Starbucks, have signed on the "Stop Hate for Profit" campaign initiated by the civil rights groups, which are urging brands to put their Facebook ads on hold until the Menlo Park firm promises to take firm action to take down hate speech. Media Rating Council (MRC), a nonprofit organization that manages accreditation for media research and rating purposes, will conduct the audit, and evaluate how the firm safeguards advertisers from appearing next to harmful content. Additionally, the firm will assess the accuracy of Facebook's reporting in specific domains. Facebook hasn't decided when the audit will take place or what will be its scope. Facebook hosted a call with advertisers today, informing them that a new data point will be inserted regarding hate speech in its Community Standards Enforcement Report, which details how the firm takes down content that violates policy. The Media Kitchen's CEO, Barry Lowenthal, who was present during the call, said that although Facebook has taken numerous steps to crack down on hate speech, the problem has become so large that drastic measures are required to fix it. He stated: “Maybe they should hit pause on the platform entirely. How much more can society handle?” Facebook is taking measures to combat misinformation, which include revamping the News Feed to prioritize original reporting. The firm believes that doing so will result in increased distribution of credible news. Source: Reuters
  6. ProtonMail's open source encryption library, OpenPGPjs, passes independent audit by Paul Hill ProtonMail, the secure email provider, has just had its credentials re-affirmed after its encryption library, OpenPGPjs, passed an independent security audit. The audit was carried out by the respected security firm, Cure53, after the developer community commissioned a review following the release of OpenPGPjs 3.0 back in March. In its audit, Cure53 focused on the following areas: AEAD encrypted packets; EAX, GCM, OCB; CMAC; all cryptographic primitive implementations (AES, AES-EAX, AES-GCM, AES-CBC, ED25519, C25519, ECDSA, HMAC, P256, P384, P521, SECP256K1); prime number handling; date support in signatures; and cryptographic API exposure via different providers. Cure53 gave the library a highly positive result stating that no major issues were discovered. In a statement the security firm said: “Tested cryptographic implementations were top notch and excellent quality given the platform. The only limitations come from the platform itself (JavaScript/web), which do not allow for side channel resistance or reliable constant time operations. Overall however this is an exceptional library for JavaScript cryptography.” According to ProtonMail, OpenPGPjs forms the foundation of the encryption that takes place on the ProtonMail platform. In the latest version it gained several new features and improvements including support for elliptic curve cryptography (ECC).
  7. Facebook third-party app audit deadline looms, threatens API cut-off by Paul Hill Facebook has published a reminder that August 1st is the deadline for third parties to submit their apps for review before they lose access to the Facebook Platform APIs. The firm said that hundreds of thousands of inactive apps which haven’t re-applied for the app review process, are going to lose access to the APIs tomorrow, meaning apps that you use might end up broken. In a statement, Ime Archibong, VP of Product Partnerships, said: “We’d encourage apps that are still being used but have not been submitted for app review to do so now. However, to ensure all apps currently in use go through our review process, we will be proactively queueing up apps for review. Where we need more information, developers will have a limited amount of time to respond. If we don’t hear back within that timeframe, we will remove the app’s access to APIs that require approval. Developers will not lose their API access while their app is in the queue or while we are reviewing it — so long as they comply with our Platform Policies.” Archibong announced back in May that the firm was currently reviewing apps following the huge scandal surrounding Cambridge Analytica’s misuse of data. Facebook made alterations in 2014 which would limit the amount of data that was shared via APIs but said that a new audit was needed to retroactively check apps. As of May, thousands of apps had been reviewed and 200 had been suspended, but no new figures have been supplied in the latest update. Facebook will be looking to ensure that it executes its plans perfectly after news did the rounds at the end of July that Facebook stock lost over $120 billion in value in a single day.
  8. Facebook's audit into app data collection underway, 200 apps suspended by Paul Hill Back in March, Mark Zuckerberg promised to audit apps that had access to large amounts of user data before a change was made in 2014. Now, the firm’s VP of Product Partnerships, Ime Archibong, has posted an update on the situation claiming that the investigation “is in full swing”. Explaining the audit process, Archibong said: “The investigation process is in full swing, and it has two phases. First, a comprehensive review to identify every app that had access to this amount of Facebook data. And second, where we have concerns, we will conduct interviews, make requests for information (RFI) — which ask a series of detailed questions about the app and the data it has access to — and perform audits that may include on-site inspections.” He further stated that Facebook has large teams of internal and external experts working through apps that need investigating as quickly as possible. So far they have covered thousands of apps and as many as 200 have been suspended and are now awaiting a more thorough investigation into whether they did in fact misuse data. If Facebook finds any offenders as it trawls through the apps, it says it will update its ‘How can I tell if an app may have misused my Facebook information?’ page, so be sure to bookmark it. Source: Facebook
  9. Increase in suppliers lead to more labor violations for Apple by Gurkaran Singh Apple, in its annual audit report of working conditions among its suppliers, found twice as many labor and environmental violations as the previous year. The company found 44 core violations including fabricated work hours data. However, the majority of its 756 suppliers (across 30 nations) complied with the company's code of conduct. The twelfth edition of the annual report audited almost 200 suppliers for the first time, which could explain the hike in violations. Apple's production scale is one of the largest in the world, and it mostly comes from factories owned by contractors. Overall, the report was more positive for Apple as only one percent of the suppliers scored less than 59 on a 100-point scale termed "low performers". In 2016, that proportion was three percent and, in 2014, it was 14%. "High performers", or those with a score greater than 90, also increased to 59% over 2016's 47%. In a case of gross violation, a supplier coerced 700 contract workers from the Philippines to pay $1 million to work for them. The company forced the supplier to return the money. Apple's 60-hour work week fell to 94% as opposed to 97% the year before with the company discovering 38 cases of falsified data. In 2016, Apple had discovered nine such cases. Once these cases are discovered, the company notifies the CEO of the supplier and puts the supplier on probation. Once the supplier deals with the situation, Apple evaluates the changes and makes sure that the problem is taken care of. Apple COO Jeff Williams said that the company is "committed to raising the bar every year across our supply chain"; the company also claimed that the increase in violations was driven by an increase in its number of suppliers. It also tracked work hours data for over 1.3 million employees, a 30% growth over the previous year.
The corporation claims to have launched an initiative to train line workers in order to help them become line leaders, which will increase their pay by 20% to 30%. Last year, the company had received flak after it was discovered that several children in Apple's Chinese factories had 11-hour work days; it has since framed new rules with regard to student labor. Source: Reuters