The embedded system market is great! They give us the power to make things happen, and give us shiny unicorns. I'm coming at this with the approach of a service provider, producing hardware for end users. The developers, and system engineers seem to think that being a "custom" solution gives them amnesty from security. I will focus on issues that I have identified, and I would recommended for the future of embedded computing for commercial applications. Time permitting (and demo gods) I would love to do a demo of JTAG memory dumping, and show the fun things we can find using IDA Pro.
David MN Bryan / VideoMan
David has over 10 years of computer security experience, including pentesting, consulting, engineering, and administration. As an active participant in the information security community, he volunteers at DEFCON, where he designs and implements the firewall and network for what is said to be the most hostile network environment in the world. This network allows speakers, press, vendors, and others to gain access to the Internet, without being hacked. In his spare time he runs the local DEFCON group, DC612, is the president of the Minneapolis Hack Factory, and participates in the Minneapolis OWASP chapter.