431: Becoming More of a Smurf

Jasper van Woudenberg spoke with us about hacking hardware, writing a technical book, and ethics.

The Hardware Hacking Handbook was written by Jasper and Colin O’Flynn (ChipWhisperer and episode 286: Twenty Cans of Gas). The site related to the book is hardwarehacking.io; you don’t need the book to play with some of the examples.

Jasper (@jzvw) is also the CTO of Riscure North America, a company that specializes in hardware security. They are hiring.

Transcript

427: No Fisticuffs or Casting of Spells

Elizabeth Wharton spoke to us about laws, computers, cybersecurity, and funding education in rural communities. She is a strong proponent of privacy by design and de-identification by default.

Liz (@LawyerLiz) is the VP of Operations at Scythe.io (@scythe_io), a company that works in cybersecurity. She won the Cybersecurity or Privacy Woman Law Professional of the Year for 2022 at DefCon.

Liz is on the advisory board of the Rural Tech Fund (@ruraltechfund) which strives to reduce the digital divide between rural and urban areas.

We mentioned disclose.io and the Computer Fraud and Abuse Act (CFAA, wiki).

Transcript

415: Rolling Computers

Lead Solution Architect at Cymotive, Benny Meisels spoke with us about implementing embedded software security in cars. The discussion touches ECUs, IoT vehicles, threat and risk analysis, and how reverse engineering plays a role in security testing.

Benny works at Cymotive (https://www.cymotive.com/). You can find him on LinkedIn (benny-meisels) or on Twitter (@benny_meisels).

Resources for automotive security:

Framework Laptop

Transcript

286: Twenty Cans of Gas (Repeat)

Colin O’Flynn (@colinoflynn) spoke with us about security research, power analysis, and hotdogs.

Colin’s company is NewAE and you can see his Introduction to Side-Channel Power Analysis video as an intro to his training course. Or you can buy your own ChipWhisperer and go through his extensive tutorials on the wiki pages.

ChipWhisperer on Hackaday

ColinOFlynn.com

Some FPGA resources mentioned:

311: Attack Other People's Refrigerators

Rick Altherr (@kc8apf) spoke with us about firmware security and mentoring.

Rick is a security researcher at Eclypsium. His personal website is kc8apf.net.

Rick’s deeply technical dive into reverse engineering car ECUs and FPGA bitstreams was on the Unnamed Reverse Engineering Podcast, episode 24. He also spoke with Chris Gammell on The Amp Hour, episode 357, about monitoring servers, many many servers.

Firmware security links:

Thank you to our Embedded Patreon supporters, particularly to our corporate patron, InterWorking Labs (iwl.com).

286: Twenty Cans of Gas

Colin O’Flynn (@colinoflynn) spoke with us about security research, power analysis, and hotdogs.

Colin’s company is NewAE and you can see his Introduction to Side-Channel Power Analysis video as an intro to his training course. Or you can buy your own ChipWhisperer and go through his extensive tutorials on the wiki pages.

ChipWhisperer on Hackaday

ColinOFlynn.com

Some FPGA resources mentioned:

258: Security Is Another Dimension

We spoke with Axel Poschmann of DarkMatter LLC (@GuardedbyGenius) about embedded security.

For a great in-depth introduction, Axel suggested Christof Paar’s Introduction to Cryptography class, available on YouTube. We also talked about ENISA’s Hardware Threat Landscape and Good Practices Guide.

Axel will be speaking at Hardwear.io, a security conference for the hardware and security community. The event consists of training sessions (11th - 12th Sept 2018) and the conference itself (13th - 14th Sept 2018). It is in The Hague, Netherlands.

DarkMatter is hiring

Elecia has some discount coupons for the Particle.io Spectra conference.

229: Slinky with a Lot of Math

Nick Kartsioukas (@ExplodingLemur) spoke with us about information security, melting down spectres, lemurs, and sensible resolutions.

Nick recommends Aumasson’s Serious Cryptography (also available from NoStarch) as a good orientation. (Offline, he also recommended Schneier’s Secrets and Lies.)

When thinking about security, you need to develop your threat model (EFF) and not panic (Mickens). As a user of the internet, there are some getting-started guides (Motherboard, EFF, Smart Girl’s Guide to Privacy) along with Nick’s advice of using an antivirus program (comparison), an ad blocker (uBlock), a password manager, and two-factor authentication. Data backups are also very useful (3-2-1 rule: 3 copies, 2 separate media, 1 offsite). For a professional infosec perspective, the CIS 20 are best-practice guidelines for computer security.

For Spectre and Meltdown, the best high-level explanation is on Twitter from @gsuberland, though XKCD does its usual good job as well. For more detail about speculative execution bugs, check out this GitHub readme.

For the history of Stuxnet, check out Zetter’s Countdown to Zero Day and the Security Now podcast, episode 291.

Ham radio Field Days for 2018 are June 23-24.

Last but not least: depression lies, so get help. If you want to know how to help someone else, look at MakeItOk.org.

219: Not Obviously Negligent

Kelly Shortridge (@swagitda_) spoke with us about the intersection of security and behavioral economics. Kelly’s writing and talks are linked from her personal site swagitda.com. Kelly is currently a Product Manager at SecurityScorecard.

Thinking Fast and Slow by Daniel Kahneman

What Works by Iris Bohnet

Risky Business, a podcast about security

Teen Vogue’s How to Keep Your Internet Browser History Private

Surveillance Self-Defense from EFF, including security for journalists as mentioned in the show

Bloomberg’s Matt Levine

Twitter suggestions: @SwiftOnSecurity, @thegrugq, and @swagitda_.