The embedded system market is great! They give us the power to make things happen, and give us shiny unicorns. I'm coming at this with the approach of a service provider, producing hardware for end users. The developers, and system engineers seem to think that being a "custom" solution gives them amnesty from security. I will focus on issues that I have identified, and I would recommend for the future of embedded computing for commercial applications. Time permitting (and demo gods) I would love to do a demo of JTAG memory dumping, and show the fun things we can find using IDA Pro.
David has over 10 years of computer security experience, including pentesting, consulting, engineering, and administration. He works as a penetration tester and senior security consultant with Trustwave SpiderLabs. As an active participant in the information security community, he volunteers at DEFCON, where he designs and implements the firewall and network for what is said to be the most hostile network environment in the world. In his spare time he runs the local DEFCON group, DC612, is the president of the i Hackerspace ”The Hack Factory”, and participates in the Minneapolis OWASP chapter.