Adam Caudill

Security Leader, Researcher, Developer, Writer, & Photographer

  • 2014: Year In Review

    Inspired by a post from Scott Arciszewski, I’ve decided to go ahead and publish a year in review post. This is something that I’ve generally avoided in the past, as the tone of these posts is, more often than not, just cynicism and negativity. After seeing Scott’s post, it made me think about how such a review can be used to send a positive message — something desperately needed. Year after year, we see predictions, projections, and sales pitches — and the cynical responses that they always generate.


  • Irrational Attribution: APT3.14159

    Note: This is satire / fiction; well, more or less – probably more more than less. Any resemblance to real companies, living or dead, is purely coincidental. WASHINGTON, D.C — Unnamed White House officials that spoke on the condition of anonymity, have stated that a major American company has been hacked, and the attackers are threatening to release terabytes of proprietary information. The name of the company has not been released at this time.


  • Orwellian Justice

    A few hours ago, a Grand Jury in New York decided that the video-taped murder of an unarmed man didn’t justify a trial to determine if those, clearly seen and identified, who killed him had broken any laws. The man I speak of is Eric Garner. What struck me immediately was the Orwellian undertones that this event has.

    Grand Juries & Time Control

    He who controls the past controls the future.


  • Speaking at SC Magazine Congress

    Last week Brandon Wilson and I gave the lunch keynote at the SC Magazine Congress event in Chicago. It was a fun, more executive level event – a big thanks to Eric Green and team. The talk was mostly an executive overview of what was discussed at our DerbyCon talk, with some updates, and some insights. Here are the slides, and a rough transcript from the event: This is based on the speaker notes – so it doesn’t include the discussion and other bits that were said.


  • On NSA-Proof Security

    @KimZetter We need to distinguish between "proof against NSA dragnet", "proof against NSA PRISM", and "proof against NSA TAO". @runasand — zooko (@zooko) September 17, 2014

    For a long time, “military grade encryption” has been a red flag for snake oil, over-hyped, under-performing garbage, so much so that it’s become a punchline. Anytime that phrase is seen, it’s assumed that the product is a joke – quite possibly doing more harm than good.


  • A backdoor by any other name…

    Yesterday James B. Comey, the Director of the FBI, continued the propaganda campaign against encryption with a fresh batch of lies and misdirection. The FBI has been pushing to add backdoors to cryptosystems around the world – no matter how many people they put at risk in the process. Starting in the 1990s, the FBI has been at the forefront of trying to make their job easier by endangering the world.


  • On The Ethics of BadUSB

    Last Friday, Brandon Wilson and I gave a talk on BadUSB at DerbyCon – I wrote some about it yesterday. Yesterday, Wired published an article on the talk, kicking off several others – only the authors of the Wired and Threatpost articles contacted us for input. There have been some questions raised as to the responsibility of releasing the code – so I want to take a few minutes to talk about what we released, why, and what the risks actually are.


  • Making BadUSB Work For You – DerbyCon

    Last week Brandon Wilson and I were honored to speak at DerbyCon, on the work we’ve been doing on the Phison controller found in many USB thumb drives. This was my first time speaking at DerbyCon – it’s a great event, with a fantastic team making the magic happen. Slides: Video (which I haven’t been able to bring myself to watch): Now that the dust has settled, I would like to provide some updates, thoughts, and extra information – and maybe correct an error I made during the presentation.


  • IETF Action on Secure Email

    Early last week I emailed a group of IETF Area Directors, for the Security and Applications areas, asking them to start the process of creating a new Working Group to address the issues around email security. (Thanks Adrian Farrel for the prodding!) Today, the first result of the effort has been completed – the new endymail mailing list. An IETF venue to discuss how these issues can be addressed, hopefully laying the groundwork for updated standards to improve email as we know it today, and eventually standardizing a replacement to SMTP and related protocols.


  • SMIMP at the DEFCON Crypto Village

    Last week I gave a lightning talk at the DEFCON CryptoVillage on SMIMP. The talk went over the basics of why the project is needed, and how the specification works. Here are the slides: Here is a rough transcript of the talk: Slide 1: I’m Adam Caudill, I’m a developer and security researcher; I work on a number of different things, but my recent work has been around privacy and secure messaging.
