Error Code
Error Code is a biweekly narrative podcast that provides you both context and conversation with some of the best minds working today toward code resilience and dependability. Work that can lead to autonomous vehicles and smart cities. It’s your window in the research solving tomorrow’s code problems today.
Episodes
One of the problems with security is ROI. If I put in next gen this and next gen that and no security events happen, am I justified in making those expenditures? How do you quantify a risk like that? Padraic O’Reilly, founder and Chief Innovation Officer at CyberSaint, walks us through the risk analysis for IoT and OT systems, and why it’s important to understand this as we secure our critical infrastructure.
This is the story of how a researcher turns commercial and commonly used EDRs and Cloud-based backup systems into wipers against the very data they’re designed to protect. Or Yair, security research team lead at Safe Breach, talks about his two presentations at SecTor 2023 that consider how to turn common security tools into potentially malicious weapons.
There’s a lot of talk about using AI and LLM in security. For example, could ChatGPT detect the vulnerable spots for power for analysis in particular pieces of code using Advanced Encryption Standard? Witold Waligora, CEO of CloudVA, talks about his Black Hat Europe presentation, How We Taught ChatGPT-4 to Break mbedTLS AES With Side-Channel Attacks.
You might think that internet connected cameras would be limited in use by a bad actor. Actually such devices can be an entry point into an organization, providing yet another means of accessing the internal network. Mohammad Waqas, a field CTO at Armis, spoke at SecTor 2023 about the threat posed by IoT and OT devices in future cyberwarfare and discusses here why we need to broaden our attack surface defenses to include them.
There’s a fake news report about three million internet-enabled toothbrushes contributing to a botnet. Unfortunately the mainstream media ran with the story before questioning its basic assumptions. This is a story about IoT devices and the fact that we still don’t understand how they are vulnerable. Tom Pace, co-founder and CEO of NetRise, talks about vulnerabilities inherent in the IoT space that are often misconstrued and how we...
Ransomware groups have bifurcated with some doing pure ransomware and others going straight to extortion; it's whether the data is ransomed on your network or theirs. Nick Biasini from Cisco Talos talks about the threats he’s seeing, in particular, SapphireStealer which is open source and using GitHub to crowdsource new features.
The Purdue Model used in OT is essentially network security from the 1990s. New threats and new tech however required us to rethink that on the network side so how do we bring that new thinking to work with legacy OT systems? John Taylor of Versa Networks explains how there's a lot of implicit trust in the IoT and OT devices themselves, yet they don't have antivirus. Or firewalls. Worse, you're basically depending on the manufactur...
Flaws within the chips in our laptops, in our homes, and in our critical infrastructure could become the access one needs to steal data if not just shut down an assembly line, or hold up production of a vital resource like power or water. Josh Salmanson, senior vice president at Telos, discusses why we’re seeing more and more pre-compromised routers in critical environments today and what we might do to mitigate that in the near fu...
Can your OT function if the IT system goes down? OT self-sufficiency is critical for infrastructure such as rail systems. Christopher Warner, from GuidePoint Security, discusses how this infrastructure resilience is important not only for the rail industry but for most of the other critical infrastructures in general.
Quantum computers will change and even break the cryptography we have today. To defeat a "Harvest Now, Decrypt Later" strategy by bad actors (even nation states), Denis Mandich, CTO and co-founder of Qrypt, is proposing a type of crypto agility that compiles the keys on your laptop instead of distributing them across the internet. He also talks about how you won’t need a quantum computer in your home; you’ll be able to access one i...
When we think of massive compute power, we think of the Cloud when we really should consider the millions of unprotected OT devices with even greater slack computer power than all our current Cloud services combined. Sonu Shankar, Vice President of Product at Phosphorus Cybersecurity, talks about the challenge of communicating with PLCs and other devices, the risks from newer OT devices, and how all password-less OT devices really ...
There’s much of the electromagnetic spectrum that we cannot see. Like how LED wristbands are triggered at concerts or how to identify someone at DEF CON in a crowd of cellphones and electrical devices. Eric Escobar of SecureWorks provides some really clear analogies to help anyone visualize the differences between NFC, Bluetooth, and Wi Fi such as how your router and your microwave are both 2.4GHz - the difference is the number of ...
How might we mitigate the risk to millions of unauthenticated devices already out in the field? Ron Fabela, Field CTO at XONA Systems, has some ideas about how to achieve zero trust in either legacy or new OT systems. Really, it’s just a matter of reducing the attack surface.
In a talk at Black Hat USA 2023, Sharon Brizinov and Noam Moshe from Claroty Team82, disclosed a significant vulnerability in the Open Platform Communications Universal Architecture or OPC-UA, a univsersal protocol used to synchronize different OT devices. In this episode they also discuss a new open source OPC exploit framework designed to help OT vendors check their devices in development.
What would happen if someone stole the encryption keys for a major satellite? Well, it’d be game over. Unless the satellite used quantum cryptography. Skip Sanzeri from QuSecure explains how using “quantum tunnels” will allow even legacy satellites in orbit today to become secure in a rapidly approaching post-quantum world.
This is a story of what's needed for the Capture The Flag competition at DEF CON 31 to be hosted for the first time on a live satellite orbiting 400 kilometers above the Earth. Mike Walker continues his conversation, focusing more on the game to be played in Hack-A-Sat 4.
Moonlighter is the world’s first and only hacking sandbox in space. Currently orbiting the earth near the International Space Station, the satellite is the playground for this year’s Hack-A-Sat 4 competition at DEF CON 31. Mike Walker, from Cromulence, discusses the difference between hacking a live satellite in orbit vs the previous Hack-A-Sat CTFs which only simulated the experience. We discuss limited contact windows, latency, a...
Could a personal medical device be a threat for an organization? Turns out it’s similar to protecting against an attack on a mobile device. Except a denial of service here could prove fatal. Todd Brasel, the author of Security Issues of Personal Medical Devices: Concerns, Characteristics, and Controls, discusses with Error Code the research he’s done on devices either inside the body or just outside, the vulnerabilities in communic...
Josh Corman, VP of Cyber Safety Strategy at Claroty, is a hacker who knows U.S. public policy well. Ten years ago he created a volunteer organization, I Am The Cavalry, to help educate sitting legislators on active cybersecurity issues. In this episode of Error Code, Josh talks about the recently passed PATCH ACT and how it addresses some of the issues around patching medical devices over the lifetime of the device rather than just...
This is the story about researchers who monitor the threats against IoT and OT systems, and the steps being taken to mitigate them. Ishmael Valenzuela, Vice President of the threat research and Intelligence Team at BlackBerry, shares the latest insights from his company’s Cybersecurity Global Threat Intelligence Report. We talk about threats from Latin America and elsewhere, how firewalls alone won’t necessarily protect OT devices...
Popular Podcasts
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.
Anna Sale explores the big questions and hard choices that are often left out of polite conversation.
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
If you can never get enough true crime... Congratulations, you’ve found your people.
A straightforward look at the day's top news in 20 minutes. Powered by ABC News. Hosted by Brad Mielke.