Error Code

This is a story of what's needed for the Capture The Flag competition at DEF CON 31 to be hosted for the first time on a live satellite orbiting 400 kilometers above the Earth. Mike Walker continues his conversation, focusing more on the game to be played in Hack-A-Sat 4.

Moonlighter is the world’s first and only hacking sandbox in space. Currently orbiting the earth near the International Space Station, the satellite is the playground for this year’s Hack-A-Sat 4 competition at DEF CON 31. Mike Walker, from Cromulence, discusses the difference between hacking a live satellite in orbit vs the previous Hack-A-Sat CTFs which only simulated the experience. We discuss limited contact windows, latency, and other aspects of orbital mechanics which will surely influence how Hack-a-Sat 4 will be played.

Could a personal medical device be a threat for an organization? Turns out it’s similar to protecting against an attack on a mobile device. Except a denial of service here could prove fatal. Todd Brasel, the author of Security Issues of Personal Medical Devices: Concerns, Characteristics, and Controls, discusses with Error Code the research he’s done on devices either inside the body or just outside, the vulnerabilities in communications they sometimes have, and the mitigations available today.

Josh Corman, VP of Cyber Safety Strategy at Claroty, is a hacker who knows U.S. public policy well. Ten years ago he created a volunteer organization, I Am The Cavalry, to help educate sitting legislators on active cybersecurity issues. In this episode of Error Code, Josh talks about the recently passed PATCH ACT and how it addresses some of the issues around patching medical devices over the lifetime of the device rather than just at the time of FDA certification. He also talks about his experience working for CISA during COVID-19 and how that helped inform issues within the PATCH ACT.

This is the story about researchers who monitor the threats against IoT and OT systems, and the steps being taken to mitigate them.  Ishmael Valenzuela, Vice President of the threat research and Intelligence Team at BlackBerry, shares the latest insights from his company’s Cybersecurity Global Threat Intelligence Report. We talk about threats from Latin America and elsewhere, how firewalls alone won’t necessarily protect OT devices, how attackers and defenders are using AI technology, and how hospitals are seeing perhaps the most increase in threats.

There’s a lot of FUD around hacking the power grid. Most often, there’s a more common cause: Soot. Even Squirrels. Jori VanAntwerp, CEO of SynSaber. talks about the realities of the US power grid vs the myths. While there’s room to improve, there’s also a great amount of resilience already in the electrical system today.

How the rapid proliferation of EV charging stations is already leading to attacks on the stations and the vehicles themselves, and what we should do about it.  Charles Eagan, CTO of BlackBerry, talks about the rush to create these charging stations and the traditional problems with IoT – vulnerable versions of the OS, of the open source, and even some of the protocols being used. He also talks about how we can improve the security of software defined vehicles and their ecosystems.

The Biden-Harris 2023 National Cybersecurity Strategy breaks with Cold War thinking and offers a bold new approach to today’s online offense and defense. Danielle Jablanski from Nozomi Networks breaks down the ambitious new policy which includes explicit mention of ICS and OT technologies for the first time.

We’ve already seen botnets composed of compromised devices like routers and security cameras. So how do we secure them and our smart lightbulbs too? Window Snyder, CEO of Thistle Technologies, explains how new devices can be partitioned with failovers and then serviced with regular updates all monitored from a central dashboard. Even devices already in the field today can also be upgraded and secured in some cases.  

This is the story of Cris Thomas aka Space Rogue, who’s written perhaps the best book about the early days of hacking, Space Rogue: How the Hackers Known as the Loft Changed The World. Unlike a journalist merely chronicling events in Boston in the 1990s from the outside, Cris was on the inside. This is not only the story of the L0pht but it's also the story of his life, so he seamlessly provides the often missing context of the time with countless asides and anecdotes woven in instead of tacked on. In this episode of Error Code, Cris also drops a lot of names.