Great! I will be there!
Monday, April 16, 2018
6:30 PM to 9:00 PM
999 3RD Avenue Suite 700 · Seattle, WA
On Fri, Apr 13, 2018 at 12:50 PM, Lee Fisher <unifex(a)riseup.net> wrote:
On 04/13/2018 04:33 AM, Lane Rasberry wrote:
I am in Seattle [...]
Is anyone free and interested to meet up at any time Monday [...]
3rd Mondays is, of course, TA3M Seattle, SURF Incubator downtown.
All from Wikipedia are invited.
Lane was one of the first people that helped me get TA3M organized, with
local contacts, though he was in NY.
-------- Forwarded Message --------
Subject: [ta3m-seattle-announce] We're on for Monday April 16 TA3M:
Firmware Security and SPC, Emerald Onion Updates
Date: Thu, 12 Apr 2018 12:26:16 -0700 (PDT)
From: Paul English <tallpaul(a)engmooski.net>
Reply-To: Paul English <tallpaul(a)engmooski.net>
To: Seattle Privacy <seattleprivacy(a)lists.riseup.net>
...and also thanks to TA3M organizers, we've also got a meetup.com
Join us on Meetup.com
(note: RSVPing via meetup.com
will assist with food and space planning.
If you’d rather not use meetup.com
, a more private / secure channel RSVP
would be welcome)
TA3M Seattle for April 2018: Firmware Security and SPC, Emerald Onion
April 16 @ 6:30 pm - 9:00 pm
« TA3M Seattle for March 2018: Securing the 2020 Election Process
April 16 @ 6:30 pm – 9:00 pm
999 3rd Ave Suite 700
Seattle, 98104 United States
6:30 – 7 Casual chat, Cryptoparty / PGP key exchange / Signal
Verification, Intro slide(s)
We’ll have pizza! **
7-7:30 Emerald Onion Update
Emerald Onion has been online for 10 months now! They will provide an
update of current work, and future ideals. More info at
7:30 – 8:00 Seattle Privacy Coalition General Meeting / Update
SPC Topic(s) TBA
8:00-9:00 – Firmware Malware Self-Defense
Paul English and Lee Fisher, PreOS Security
For attackers, platform firmware is the new software.
Activists, journalists, lawyers – regardless of your threat model, the
first steps are to secure the operating system, passwords / phrases, use
2 factor authentication and disk encryption.
Firmware security is an advanced topic, but well worth understanding,
particularly with data on portable devices and the risk of the Evil Maid
Most systems include hundreds of firmwares – UEFI or BIOS, PCIe
expansion ROMs, USB controller drivers, s torage controller host and
disk/SSD drivers. Firmware-level hosted malware, bare-metal or
virtualized, is nearly invisible to normal security detection tools, has
full control of your system, and can often continue running even when
the system is “powered off”. Security Firms (eg, “Hacking Team” sell
UEFI 0days to the highest bidder), and government agencies include
firmware-level malware (eg, Wikileak’ed Vault7 CIA EFI malware).
Defenders need to catch-up, and learn to defend their systems against
firmware-level malware. In this presentation, we’ll cover the NIST SP
(147,147b,155,193) secure firmware guidance, for citizens, rather than
vendors/enterprises. We’ll discuss the problem of firmware-level
malware, and cover some open source tools (FlashROM, CHIPSEC, etc.) to
help detect malware on your system. We’llbe discussing a new open source
tool we’ve just released to help make it easier for you to do this check.
Paul is CEO and Lee is CTO of PreOS Security, a local firmware security
startup focused on helping enterprises defend their systems firmware.
Lee co-founded TA3M Seattle, Paul is one of TA3M Seattle’s main
organizers. PreOS Security has been funding TA3M’s pizza up until recent
Pizza sponsored by Cloudflare.
Be prepared that there will be an opt-out group photo, taken from the
back of the room to fulfill the sponsorship requirements.
user:bluerasberry on Wikipedia