Adam Caudill

Security Leader, Researcher, Developer, Writer, & Photographer

  • Responsible Disclosure Is Wrong

    The debate around how, where, and when to disclose a vulnerability – and of course to whom – is nearly as old as the industry that spawned the vulnerabilities. This debate will likely continue as long as humans are writing software. Unfortunately, the debate is hampered by poor terminology. Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details.

    Read more…

  • Making BSides Knoxville

    Two years of discussions, months of planning, weekly meetings, and thousands of dollars – BSides Knoxville 2015, the first BSides Knoxville that is, is in the books. By any metric I can think of, it was a resounding success – the feedback was great, awesome talks, good food, and a great atmosphere. I would like to give a little insight into the event, some of what I learned from it, what went right, went wrong, and how to make something like this without going insane.

    Read more…

  • Crypto Front Door: Everyone Welcome!

    For decades, the US Government has fought — sometimes with itself — to prevent the use of secure cryptography. During the first crypto war, they allowed strong cryptography within the US, but other countries were limited to small keys — making brute force attacks practical. But what about those pesky US citizens? They didn’t really want them to have strong crypto either — enter key escrow. What is key escrow? According to Wikipedia:

    Read more…

  • On the Underhanded Crypto Contest

    On August 15th of last year I asked if anybody would be interested in a contest for the best, most evil underhanded crypto techniques — the response was clear, and less than a month later I announced the creation of the contest.

    Proudly announcing, the #UnderhandedCrypto Contest! See here for details / rules: https://t.co/mNV0KCVdLu — Adam Caudill (@adamcaudill) September 3, 2014

    Before I go any further, the contest simply wouldn’t have been possible without the huge effort by Taylor Hornby to help organize, coordinate and communicate.

    Read more…

  • The Evolution of Paranoia

    That researchers from Kaspersky Lab uncovered malware that uses hard-drive firmware has now been thoroughly discussed — perhaps too much for some people. It’s not exactly Earth-shattering news either; the idea has been discussed for years, and has been publicly demonstrated. Brandon Wilson and I were even working on a proof of concept for SSD controllers to demonstrate this based on our BadUSB work. This isn’t about that story, exactly. This is about paranoia, and how it has changed over the last few years — and even the last few months.

    Read more…

  • Utopia Found; Utopia Lost

    Sometime in the 1990’s I used a 2400-baud modem and connected to the internet for the first time; I found a new world, a better world. A world where ideas and intellect set people apart, not skin color, or political affiliation, or even the pseudo-scandal of the day (which is probably just a disguise for ignorance and intolerance). It was a time of invention, in a world where everything was new and the potential was unlimited.

    Read more…

  • 2014: Year In Review

    Inspired by a post from Scott Arciszewski, I’ve decided to go ahead and publish a year in review post. This is something that I’ve generally avoided in the past, as the tone of these posts is, more often than not, just cynicism and negativity. After seeing Scott’s post, it made me think about how such a review can be used to send a positive message — something desperately needed. Year after year, we see predictions, projections, and sales pitches — and the cynical responses that they always generate.

    Read more…

  • Irrational Attribution: APT3.14159

    Note: This is satire / fiction; well, more or less – probably more more than less. Any resemblance to real companies, living or dead, is purely coincidental. WASHINGTON, D.C. — Unnamed White House officials who spoke on the condition of anonymity have stated that a major American company has been hacked, and the attackers are threatening to release terabytes of proprietary information. The name of the company has not been released at this time.

    Read more…

  • Orwellian Justice

    A few hours ago, a Grand Jury in New York decided that the video-taped murder of an unarmed man didn’t justify a trial to determine if those, clearly seen and identified, who killed him had broken any laws. The man I speak of is Eric Garner. What struck me immediately was the Orwellian undertones that this event has.

    Grand Juries & Time Control

    He who controls the past controls the future.

    Read more…

  • Speaking at SC Magazine Congress

    Last week Brandon Wilson and I gave the lunch keynote at the SC Magazine Congress event in Chicago. It was a fun, more executive-level event – a big thanks to Eric Green and team. The talk was mostly an executive overview of what was discussed at our DerbyCon talk, with some updates and some insights. Here are the slides, and a rough transcript from the event. The transcript is based on the speaker notes – so it doesn’t include the discussion and other bits that were said.

    Read more…