286: Twenty Cans of Gas

Colin O’Flynn (@colinoflynn) spoke with us about security research, power analysis, and hotdogs.

Colin’s company is NewAE and you can see his Introduction to Side-Channel Power Analysis video as an intro to his training course. Or you can buy your own ChipWhisperer and go through his extensive tutorials on the wiki pages.

ChipWhisperer on Hackaday


Some FPGA resource mentioned:

258: Security Is Another Dimension

We spoke with Axel Poschmann of DarkMatter LLC (@GuardedbyGenius) about embedded security.

For a great in-depth introduction, Axel suggested Christof Paar’s Introduction to Cryptography class, available on YouTube. We also talked about ENISA’s Hardware Threat Landscape and Good Practices Guide.

Axel will be speaking at Hardwear.io, a security conference for the hardware and security community. The conference consists of training (11th - 12th Sept 2018) and conference (13th - 14th Sept 2018). It is in The Hague, Netherlands.

DarkMatter is hiring

Elecia has some discount coupons for the Particle.io Spectra conference.

229: Slinky with a Lot of Math

Nick Kartsioukas (@ExplodingLemur) spoke with us about information security, melting down spectres, lemurs, and sensible resolutions.

Nick recommends Aumasson’s Serious Cryptography (also available from NoStarch) as a good orientation. (Offline, he also recommended Shneier’s Secrets and Lies.)  

When thinking about security, you need to develop your threat model (EFF) and not panic (Mickens). As a user of the internet, there are some getting started guides (Motherboard, EFF, Smart Girl’s Guide to Privacy) along with Nick’s advice of using an antivirus program (comparison), an Adblocker (uBlock), a password manager, and 2-factor authentication. Data backups are also very useful (3-2-1 rule: 3 copies, 2 separate media, 1 offsite). For a professional infosec perspective, the CIS 20 are best practice guidelines for computer security.

For Spectre and Meltdown, the best high-level explanation is in Twitter from @gsuberland though XKCD does its usual good job as well. For more detail, about speculative execution bugs, check out this github readme.

For the history of the Stuxnet, check out Zetter’s Countdown to Zero Day and the Security Now podcast episode 291.

Ham radio Field Days for 2018 are June 23-24

Last but not least: Depression lies so get help and if you want to know how to help someone else, look at MakeItOk.org

219: Not Obviously Negligent

Kelly Shortridge (@swagitda_) spoke with us about the intersection of security and behavioral economics. Kelly’s writing and talks are linked from her personal site swagitda.com. Kelly is currently a Product Manager at SecurityScorecard.

Thinking Fast and Slow by Daniel Kahneman

What Works by Iris Bohnet

Risky Business, a podcast about security

Teen Vogue’s How to Keep Your Internet Browser History Private

Surveillance Self-Defense from EFF, including security for journalists as mentioned in the show

Bloomberg’s Matt Levine

Twitter suggestion @SwiftOnSecurity@thegrugq, and @sawgitda_.