Hello, welcome to the Tuesday, February 19th, 2019 edition of the Sandcent Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

A good reminder today from Didi about knowing what you log. Didi take the example of a little bit an odd log format created by an Arduino application.

Now, of course, not a lot of people do run Arduino and sort of in enterprise networks and I like,

but it's really sort of just an example for that you sometimes end up with

logs that are really difficult to read and where you first need to spend a little bit of time

to actually research the log format. This is of course in particular difficult if you run into

this log after a possible incident. So always

best practice to take a look at your logs before there is an incident in order to figure

out, am I able to read them? What do these logs actually mean? Or in some cases, just who do I

ask for help to actually explain to me what

this log means.

That's in particular important for custom application, where often it's just the developer

that actually created the application that can really explain the context for these logs.

And a group of researchers with Google took a step back and sort of took a high-level view at the various specter vulnerabilities and different mitigation techniques.

Now, one thing they sort of came up with was that really all the

software mitigation techniques are insufficient to really prevent Spectre, that it

really takes hardware mitigation in order to protect the system. Without sufficient

hardware protection there is always a chance that different

threats are able to read each other's data, which is really sort of at the core of the specter

vulnerability. Now, the researchers that contributed to this paper, they distinguished themselves by being

the team behind the Google Chrome JavaScript

engine. And one thing they're pointing out is that in particular the ability of browsers,

...