[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Needs more hardware hacking dox



>> I don't see much about hardware hacking on CPunks. [...]

I maintain FirmwareSecurity.com, a blog focused on firmware security and
developmen, mostly UEFI-focused. Hardware security is a topic, since
most firmware is very hardware-specific. It isn't a fancy blog, I still
haven't learned WordPress, it is mostly a paragraph or two of text and a
few URLs for a topic. I try to put personal research here so others can
benefit. The sad thing is I was looking for a better source and haven't
found it, so my lame blog is nearly the best there is. :-(

There are a few who teach hardware hacking classes, look at the
pre-conference training offerings of the normal infosec conference
circuit events, Black Hat, Def Con, Can Sec West, Infiltrate, REcon,
Troopers, etc. Look into the Stanford.edu LiberationTech mailing list,
there's a lot of personal technology security/privacy issues there, more
for activists but similar to OP's list of topics. I'm not sure of the
latest citizen-focused guidance for physical+cyber security. I expect
there's a link to the contenders on the LiberationTech list.

There is more happening on hardware/firmware security on Twitter than on
mailing lists. It would be nice to have a hardware/firmware hacking
mailing list. Not sure if some of the younger security researchers and
hackers will be able to spend time away from Twitter/Facebook/Reddit to
contribute to a mailing list, though. :-(

> I'm working on influencing security in embedded, e.g., writing and
> designing secure systems (comprehensively, starting with arch & code.)
It's
> an educational effort with embedded ISVs and OEMs at every step, you can
> presume the market, if they're thinking of security at all, is currently
> buying into 'fire-walling' and 'obfuscation' approaches. [..]

I'd love an URL to the above embedded security work, if any exists!