Has the BIOS Time Been Changed?

Saturday, September 14, 2013 | Comments (0)

An interesting and useful way to determine if the system clock has been changed to obfuscate activity, is to sort Event Log records by event record number and observe the times for each sequential record number. Does the generated time for the record increment accordingly? Another way to check for this (on XP) via the Event Log is to look for event ID 520, with a source of "Security". This event indicates the system time was successfully changed, and includes such information as the PID and name of the process responsible for the change, as well as the old system time (prior to the change) and the new time. Now, does event ID 520 necessarily mean that the user changed the system time? By itself, no, it doesn't. If an event ID 520 is in close association with an event ID 35, with a source of W32Time, it indicates that the system time was automatically updated by the W32Time service.  Read More >>>

Microsoft And The Rising Federal Scrutiny Of Bribery

Saturday, March 23, 2013 | Comments (0)

It’s what makes it difficult for compliance officers to sleep at night. You’re going about your day when the phone rings; on the other end of the line is an attorney from the Department of Justice telling you that they’ve received an anonymous tip of bribes paid by a distributor in Europe to a foreign government official. Now what?  Read More >>>

We're foiling 7-7-size plot every year, says counter-terror chief as he warns of rise in smaller groups

Saturday, March 23, 2013 | Comments (0)

Counter-terror teams are foiling a plot as big as the July 7 attacks every year, a senior police officer has revealed.  Read More >>>

GCHQ sets up cyber vulnerability research institute

Saturday, March 23, 2013 | Comments (0)

UK communications intelligence agency GCHQ has announced a second academic research institute, which will find new ways of analysing software automatically to combat cyber threats.  Read More >>>