Questions tagged [logging]

Specific to logging of alerts, activities and actions. This also covers user's history managed by software such as browsers.

377 questions
247 votes, 18 answers

Passwords being sent in clear text due to users' mistake in typing it in the username field

Upon reviewing the Logs generated by different SIEMs (Splunk, HP Logger Trial and the AlienVault platform’s SIEM) I noticed that for some reason quite a few users tend to make the mistake of typing their passwords in the username field, either in…
Lex
73 votes, 9 answers

I almost searched my password, but didn't press enter. Is my password at risk, because of autocomplete or anything else?

Without even thinking about it, I typed my password into the Google search bar, but I didn't press enter. Since autocomplete is on, does that mean my password has been logged or indexed somewhere? Would it be a good idea to change my password or is…
Randy
49 votes, 5 answers

Should I log that a user changed their password?

Are there any security concerns with logging that a user changed their password? I'm already logging whenever an admin changes a user's password for audit purposes, but is there a reason to not have a log of when each user changed their own…
edruid
47 votes, 3 answers

Should we keep logs forever to investigate past data breaches?

Listening to the Secure code lessons from Have I Been Pwned made me really think about logging. It appears that in the real world a lot of data breaches are discovered long after they happened which makes the investigation and recovery much more…
alecxe
44 votes, 8 answers

Should log files be kept secret?

Accessing web server log files via a URL has a certain appeal, as it provides easy access. But what are the security risks of allowing open access to log files?
Ola Eldøy
42 votes, 3 answers

Should Failed Login Attempts Be Logged

Should failed login attempts be logged? My doubt is that if there is a distributed brute force attack, it might exhaust the available disk space of the database. What is the best practice for this? I'm protecting a public-facing web server with…
John L.
33 votes, 2 answers

Why would properly logging full http requests be bad practice?

I'm currently looking at Secure Coding Practices documentation provided by Veracode with their code analysis toolsuite. In a "secure logging practices" section, they mention that logging full HTTP requests in case of error is a common mistake, but…
niilzon
33 votes, 4 answers

Should I be worried if I accidentally entered my password in a username field?

Occasionally I will fail to hit Tab properly when entering a username/password combination. This results in me submitting username "myUsername$ecretPa$$word" along with a blank password. I always try to change my password shortly after doing this,…
loneboat
32 votes, 4 answers

Is displaying email addresses in an application log file allowed under GDPR?

I'm working on an application that is completely built upon user interaction. In my application logs, I log each interaction and print the email address to uniquely identify which user did which interaction. This application log will not be visible…
Titulum
27 votes, 1 answer

What questions should be asked when joining a new security team?

I've accepted a position at a different company working on their security team and have been mentally putting together a list of questions to ask so I can rapidly get up to speed in the environment and start gathering ideas about things to…
bobmagoo
26 votes, 3 answers

Techniques for ensuring verifiability of event log files

Bit of newbie at the whole forensics stuff - but I'm trying to find out what I should have in place before an attack. While there is no end of material on the internet about forensics from seizure onwards, I'm trying to find out more about how I can…
symcbean
26 votes, 2 answers

How are full URLs exposed when they are encrypted by HTTPS?

As far as I know, HTTPS URLs are encrypted (correct me if I'm wrong). There was a data leak recently and in one article about the leak I saw this picture: If HTTPS URLs are encrypted then how did the ISP log the full URL (notice "fw-url")?
Alexander
26 votes, 7 answers

How to prevent admins to access logs from their own activity?

The idea would be to prevent an attacker who has stolen a root/admin account or escalated to clear his own activities or even read the traces of what he is doing. Let's assume we are under Linux, we log with auditd, have centralized logs, and we can…
lalebarde
25 votes, 2 answers

Which HTTP status codes are interesting from a security point of view?

I'm looking to extract interesting information from webserver logs and I wonder which HTTP status codes should I filter out? For example, 200 hits can be considered to be 'regular behavior' whereas lots of 404 hits from a certain IP probably means…
tkit
22 votes, 5 answers

Does Google collect and store data about activity done in Incognito mode?

Suppose that someone browses non-Youtube videos (like on Vimeo) in Google Chrome's Incognito mode. Does Google collect and store any data about this activity ("watched videos on Vimeo" activity)? In general, does Google store ANYTHING that is done…
Jay Shah