I was recently reminded of this enumeration.
Read, learn, and live it.
CWE - 2022 CWE Top 25 Most Dangerous Software Weaknesses (mitre.org)
For some reason that escapes me at the moment, I needed to generate a few passwords. And having spent most of my career as a Software Engineer, I don't spend the time brainstorming those bits; I write a program. Or perhaps better, I let someone else write the program.
So I did: I found someone's work, which was broken, fixed it, improved it, and now I'm sharing it with you.
Enjoy.
https://github.com/W1T3H4T/password-gen
cat /dev/urandom | head -c 2048| od -x | cut -b 8-40 | xargs | sed 's/ //g' | head -c 32
#!/bin/bash
# =================================================================
# File : csprng.sh
# Function: Generate a cryptographically secure random number
# Who : David Means <www.w1t3h4t.com>
# =================================================================

# Print usage information.
function doHelp()
{
    echo
    echo "Generate a cryptographically secure random number"
    echo
    echo "Usage: $(basename "$0") {bits}"
    echo
    echo "Example: $(basename "$0") 128"
}

# A bit count is required.
if [ $# -eq 0 ] ; then
    doHelp
    exit
fi

bytes=0
# Only whole bytes can be produced, so the bit count must be a multiple of 8.
bitCheck=$(($1 % 8))
if [ $bitCheck -eq 0 ]; then
    bytes=$(($1 / 8))
    # Read from the kernel CSPRNG, hex-encode it, and strip offsets and spaces.
    # Each byte prints as two hex digits, so emit bytes * 2 characters.
    cat /dev/urandom | head -c 2048 | od -x | cut -b 8-40 | xargs | sed 's/ //g' | head -c $((bytes * 2))
    echo
else
    echo
    echo "$1 not divisible by 8"
    echo
    exit 1
fi
This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more widespread hardware backdoors.
A processor is not a trusted black box for running code; on the contrary, modern x86 chips are packed full of secret instructions and hardware bugs. In this talk, we'll demonstrate how page fault analysis and some creative processor fuzzing can be used to exhaustively search the x86 instruction set and uncover the secrets buried in your chipset.
It is a high-level statement (plan or framework) addressing security requirements and objectives. It may address an entire organization or be specific to an issue or system.
It is a type of governance in that it expresses the security framework established by management. It is the primary method by which an organization sets expectations for a variety of topics.