The Amp Hour

An Interview with Joe FitzPatrick


Listen Later

Welcome, Joe FitzPatrick! (@securelyfitz)

  • Joe got started working at a CPU vendor, analyzing verilog and hardware for vulnerabilities. He moved on to training people in the company to look for these as well.
  • Afterwards, he moved to a private company doing trainings with his company SecuringHardware.com
  • Joe worked on a part of the NSAplayset, specifically the Slot Screamer, which works over PCI express. Ulf Frisk later built a software suite for it that auto ran a bunch of commands.
  • A recent snafu with software behind the mirror...
  • https://twitter.com/securelyfitz/status/870348354022133762
    • With USB-C, every device needs to be smart. If you want to watch traffic you need to do so with a tool like USB Proxy (Dominic Spill). The other Great Scott Gadget being used for USB analyisis is the Daisho (Jared Boone)
    • Thunderbolt3 converged with USB C.
    • We had previously talked about USB C when Jason Cerundulo was on talking about his EZ Bake Oven.
    • Joe talks about "hardware implants"
    • JTAG, SVF files
    • Oregon professional engineer who was getting sued
    • Bug bounty companies like Bug Crowd
    • There is an ISO standard about security disclosures
    • Joe will be at Recon helping with former guest Dmitry Nedospasov's training about using programmable hardware devices to test vulnerabilities.
    • There is a new joint group of trainings happening Nov 6-9 in San Francisco. More info can be found here: HardwareSecurity.training
    • devtty0 on Twitter
    • Joe's talk about compromising a yubikey and an RSA Token. Slides can be found here.
    • Joe's final words: Trust, but verify

      Chris is still frightened.

      ...more
      View all episodesView all episodes
      Download on the App Store

      The Amp HourBy The Amp Hour (Chris Gammell and David L Jones)

      • 4.9
      • 4.9
      • 4.9
      • 4.9
      • 4.9

      4.9

      226 ratings


      More shows like The Amp Hour

      View all
      The Changelog: Software Development, Open Source by Changelog Media

      The Changelog: Software Development, Open Source

      289 Listeners

      This Week in Tech (Audio) by TWiT

      This Week in Tech (Audio)

      3,061 Listeners

      Security Now (Audio) by TWiT

      Security Now (Audio)

      2,009 Listeners

      Software Engineering Daily by Software Engineering Daily

      Software Engineering Daily

      626 Listeners

      Talk Python To Me by Michael Kennedy

      Talk Python To Me

      583 Listeners

      SpyCast by SpyCast

      SpyCast

      1,534 Listeners

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

      648 Listeners

      Embedded by Logical Elegance

      Embedded

      190 Listeners

      Smashing Security by Graham Cluley

      Smashing Security

      317 Listeners

      Darknet Diaries by Jack Rhysider

      Darknet Diaries

      8,051 Listeners

      Physics World Weekly Podcast by Physics World

      Physics World Weekly Podcast

      77 Listeners

      Practical AI by Daniel Whitenack and Chris Benson

      Practical AI

      208 Listeners

      Hackaday Podcast by Hackaday

      Hackaday Podcast

      64 Listeners

      Latent Space: The AI Engineer Podcast by Latent.Space

      Latent Space: The AI Engineer Podcast

      101 Listeners

      Robinson's Podcast by Robinson Erhardt

      Robinson's Podcast

      265 Listeners