Error Code

Error Code is a biweekly narrative podcast that provides you both context and conversation with some of the best minds working today toward code resilience and dependability. Work that can lead to autonomous vehicles and smart cities. It’s your window in the research solving tomorrow’s code problems today.

Listen on:

  • Apple Podcasts
  • Podbean App
  • Spotify
  • Amazon Music
  • TuneIn + Alexa
  • iHeartRadio
  • PlayerFM
  • Samsung
  • Podchaser

Episodes

13 hours ago

What would happen if your GPS signal were jammed? It would impact more than just navigation – you'd also lose access to financial data and power. Joe Marshall, Senior IoT Strategist and Threat Researcher at Cisco Talos, discusses an innovative solution to maintain the country's power grid operations in the event of GPS jamming, whether it's a precautionary measure or an act of war.

Tuesday Nov 05, 2024

Cybercriminal tactics against ICS include direct threats against individuals for MFA credentials, sometimes escalating to physical violence if they won’t share. Jim Coyle, US Public Sector CTO for Lookout, warns about the increasing use of Android in critical Industrial Control Systems (ICS), such as HVAC systems, and how stealing MFA tokens from mobile devices could affect critical services like healthcare, finance, and water supply, depending on the goals of the attackers.

Tuesday Oct 22, 2024

If smart buildings are vulnerable to hacking, what about smart offices? Even devices like printers and lighting systems could give an attacker a way in. John Terrill, CSO at Phosphorus, recalls a moment while working at a hedge fund when he found himself in a room filled with priceless art. He realized that the security cameras safeguarding these artworks were operating on outdated software, potentially containing known vulnerabilities.

EP 47: Hacking Smart Buildings

Tuesday Oct 08, 2024

Tuesday Oct 08, 2024

If you are in IT, you are probably not thinking about the risks associated with the Otis Elevator or the Coke machine. Maybe you should. Chester Wisnieski, the director and global field CTO at Sophos, points out that IoT devices, big and small, create an outsized threat to any organization. And that’s why IoT vendors need to secure these devices, even if they only “phone home” for more Coke. If they’re on your network, they need to be secured.

Tuesday Sep 24, 2024

Political hacktivism once mainly focused on website defacement. Now it has shifted to targeting physical devices, affecting critical infrastructure such as water treatment plants. At Black Hat USA 2024, Noam Moshe from Claroty highlighted how the HMIs in PLC devices from Israeli manufacturers may be susceptible to political attacks by nation-state actors using unknown vulnerabilities in the PComm protocol.

Tuesday Sep 10, 2024

What if you could build your own embedded security tools, glitching devices for a fraction of the cost that you might expect. Like having a $150,000 laser setup for less than $500. A talk at Black Hat USA 2024 says you can. Sam Beaumont (Panth13r), Director of Transportation, mobility and cyber physical systems at NetSPI, and Larry Trowell (patch), Director of hardware embedded systems at NetSPI, along with a team of others, say that you can. Their talk, Laser Beams & Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling, should be a wake up call for all IoT and OT device vendors who should defend our IoT and OT devices, even against the unlikely attacks. Because soon enough, those attacks will become likely.

Tuesday Aug 27, 2024

Too few vulnerabilities in industrial control systems (ICS) are assigned CVEs because of client non-disclosure agreements. This results in repeatedly discovering the same vulnerabilities for different clients, especially in critical infrastructure. Don C. Weber from IOActive shares his experiences as an ICS security professional and suggests improvements, including following the SANS best practices for ICS security.. 

Tuesday Aug 13, 2024

At DEF CON 32, in the ICS village, researchers disclosed vulnerabilities in home and commercial solar panel systems that could potentially disrupt the grid. Dan Berte, Director of IoT security for Bitdefender, discusses his more than a decade in IoT, how the vendor maturity often isn’t there for our smart TVs or even for our solar panels, so reporting vulnerabilities sometimes goes nowhere. That doesn’t stop defenders like Dan, who, along with his team, work hard to change and to educate the industry.

EP 42: OT-CERT

Tuesday Jul 30, 2024

Tuesday Jul 30, 2024

The resources available at small utilities are scarce, and that’s a big problem because small water, gas, and electric facilities are increasingly under attack. Dawn Capelli of Dragos is the Director of OT-CERT, an independent organization that provides free resources to educate and even protect small and medium sized utilities from attack.

Tuesday Jul 16, 2024

For the last twenty years we’ve invested in software security without parallel development in firmware security. Why is that? Tom Pace, co-founder and CEO of NetRise, returns to Error Code to discuss the need for firmware software bills of materials, and why Zero Trust is a great idea yet so poorly implemented. As in Episode 30, Tom is a straight shooter, imparting necessary truth bombs about our industry. Fortunately he’s optimistic about our future.

Image

Error Code

Error Code is a biweekly narrative infosec podcast that provides you both context and conversation with some of the best minds working today toward code resilience and dependability. Work that can lead to autonomous vehicles and smart cities. It’s your window in the research solving tomorrow’s code problems today.

Copyright 2022 All rights reserved.

Podcast Powered By Podbean

Version: 20240731