The Amp Hour Electronics Podcast

Chris Gammell and Dave Jones' voices span the chasm of thousands of miles each and every week to speak to each other and industry experts about where the field of electronics is moving. Whether it be a late breaking story about a large semiconductor manufacturer, a new piece of must-have test equipment or just talking through recent issues with their circuit designs, Chris and Dave try to make electronics more accessible for the listeners. Most importantly, they try and make the field of electronics more fun. Guests range from advanced hobbyists working on exciting new projects up through C-level executives at a variety of relevant and innovative companies. Tune in to learn more about electronics and then join the conversation! Visit The Amp Hour website for our back catalog of 150+ episodes.

https://theamphour.com

#346 – An Interview with Joe FitzPatrick


Welcome, Joe FitzPatrick! (@securelyfitz)

  • Joe got started working at a CPU vendor, analyzing Verilog and hardware for vulnerabilities. He moved on to training people in the company to look for these as well.
  • Afterwards, he moved to a private company, doing trainings through his company SecuringHardware.com
  • Joe worked on a part of the NSA Playset, specifically the Slot Screamer, which works over PCI Express. Ulf Frisk later built a software suite for it that automatically ran a bunch of commands.
  • A recent snafu with software behind the mirror…

I woke up and looked in the mirror. My face was the color of television, tuned to a dead channel. pic.twitter.com/LrSpcro0b7

— Joe Fitz (@securelyfitz) June 1, 2017

  • With USB-C, every device needs to be smart. If you want to watch traffic, you need to do so with a tool like USB Proxy (Dominic Spill). The other Great Scott Gadget being used for USB analysis is the Daisho (Jared Boone).
  • Thunderbolt 3 converged with USB-C.
  • We had previously talked about USB-C when Jason Cerundulo was on talking about his EZ Bake Oven.
  • Joe talks about “hardware implants”
  • JTAG, SVF files
  • Oregon professional engineer who was getting sued
  • Bug bounty companies like Bugcrowd
  • There is an ISO standard about security disclosures
  • Joe will be at Recon helping with former guest Dmitry Nedospasov’s training about using programmable hardware devices to test vulnerabilities.
  • There is a new joint group of trainings happening Nov 6-9 in San Francisco. More info can be found here: HardwareSecurity.training
  • devtty0 on Twitter
  • Joe’s talk about compromising a YubiKey and an RSA token. Slides can be found here.

Joe’s final words: Trust, but verify

Chris is still frightened.


 June 5, 2017  1h6m