‘Foreshadow’ Flaw Undermines the Intel CPU Secure Enclave

https://www.wired.com/story/foreshadow-intel-secure-enclave-vulnerability/

The best advice continues to apply in these situations:

  • Apply OS patches regularly
  • Apply hardware patches regularly
  • Manage the obsolescence of the platform
  • Consider vulnerabilities in future procurement
  • Carry out a technical risk assessment and identify potential countermeasures

Of course, this is best practice in any case, apart from a bespoke risk assessment. Your routine patching should guarantee all patches are applied. What you do on top of that should be an enhancement.

The Deming Cycle ā€“ view it as a framework for action

The Deming Cycle has been around for a long time in information assurance and information security. It crops up in almost every introductory course on these topics, and can be found in a variety of frameworks and standards ā€“ for example, ISO/IEC 27001:2005 made the Deming cycle a core part of the ISMS until the 2013 version of the standard made it less prominent.

Read More »

PowerShell one liner to ping sweep a range of IPv4 addresses

I was in London a couple of weeks ago on an ethical hacking training course. It was very interesting subject matter, and our instructor mentioned his increasing interest in PowerShell for scripting. It chimed with me, as Iā€™m finding PowerShell to be a very useful technology for a wide range of tasks.

One of the useful capabilities of PowerShell is the interactive shell, and the opportunity to quickly develop scripts that automate a laborious task.

Read More »