Security experts and law enforcement officers often talk about
the fact that hacking is a full-time, 24-hour-a-day job for the bad
guys. They have no hobbies, they don't go to movies or ball games
or museum openings. All they do is dismantle code looking for new
vulnerabilities, build exploits and attack your networks. That's
not a very comforting thought if you're a security manager.
But the good news is that there are folks on the right side of
the fence who are just as dedicated, smart and motivated as the
attackers are. The last few years have seen an explosion in the
number of researchers doing serious work on rootkits, hardware
security, P2P malware and other advanced problems. Some of these
people are well-known, but many others work mainly behind the
scenes and are not in a position to seek the limelight. In an
effort to remedy that situation, here is an admittedly
non-comprehensive list of researchers, hackers and security
professionals you should keep an eye on. (Note: This is not a
Top 6 or any kind of ranking; just a look at some folks doing good
work.)
- Dino Dai Zovi. He's gotten a lot of attention of late
for finding the QuickTime vulnerability that won the MacBook
hacking contest at CanSecWest, but Dai Zovi has done a lot of
interesting high-quality work in the last few years. Dai Zovi is
the rare researcher who is as comfortable digging into OS X as he
is tinkering with Windows. A former researcher at @stake and
Matasano Security, Dai Zovi developed a
virtual machine rootkit called Vitriol designed to subvert the
Mac OS X kernel. And, along with Shane "K2" Macaulay, he built a
wireless client
security assessment tool called KARMA that enables users to see
which wireless networks any client in range is probing for. "Dino
is one of the top vulnerability researchers out there based on his
skill. He doesn't do much research so he is not prolific but if he
has a particular target in mind he can usually find a
vulnerability," said Chris Wysopal, CTO of Veracode, who worked
with Dai Zovi at @stake and co-authored a new book called "The Art
of Software Security Testing" with him. "He is especially adept at
OS X research which is a platform that most researchers haven't
bothered with so there aren't many out there that have honed their
skills on it." Any wagers on who might be the first one to p0wn an
iPhone?
- Dave Dittrich. Dittrich is one of those unassuming
researchers who goes about his work because he loves the
intellectual challenge of it and not because he loves seeing his
name in the paper. Best known for his expertise on DDoS attacks and
his work with The Honeynet Project,
Dittrich may be the most knowledgeable guy in the industry on
botnets and the evolution of distributed attacks. The kind of
advanced research and forensics work that Dittrich is doing right
now on peer-to-peer malware and the command-and-control systems of
massive botnets is beyond the scope of work being done just about
anywhere else, including the federal government. Dittrich, a senior
security engineer and researcher at the University of Washington's
Center for Information Assurance and Cybersecurity, works closely
with the government on some projects and is known to work long
hours on his own time to solve particularly thorny forensic
problems. "Dave Dittrich is truly a world-class expert on botnets.
His research is not only impressive but seminal in that he offers
new, leading-edge views into the very dark side of the world of
cybercrime and cyberwarfare," said Ernie Hayden, manager of
enterprise information security at the Port of Seattle. "Without
Dave's efforts and focus on this problem, I'm convinced that our
knowledge of this issue would be barren and at best
shallow."
- Nate Lawson. Known to DVD hackers everywhere as the
co-designer of the copy protection scheme for Blu-Ray discs, Lawson
has a wide range of talents, including cryptography, reverse
engineering and the security of embedded devices. Few researchers
are as adept at moving between the worlds of software and hardware
as Lawson is. To wit: He designed RealSecure, the first commercial
IDS, and later, Decru's fibre channel encryption appliance. Lawson
also has been involved with the development of the FreeBSD kernel
for five years. Lawson doesn't fit the classic definition of a
researcher in that he doesn't spend his days looking for
vulnerabilities in software. But he's one of the few guys, along
with Bunnie Huang and a handful of others, doing serious work on
the security of hardware devices and embedded software. Lawson
spent several years with Cryptography Research and is now out on
his own as a consultant with Root Labs doing a lot of work on
cryptography, security assessments of software, hardware and
firmware. He's also working on the crypto for an incredibly cool
device that Huang's company is building, called
the Chumby. "[Nate] is one of the
rare individuals that can bridge the gap between academic research
and practitioner's work. He understands the role of both offensive
and defensive technologies and mindsets in attaining improved
security postures, and he doesn't fear math nor crunching quality
code," said Ivan Arce, chief technology officer of Core Security.
"His insights, his work at CRI, Decru and ISS as well as his
contributions to the FreeBSD project have not been in the spotlight
but they have certainly helped evolve the info security discipline
quite a bit."
- Joanna Rutkowska. Like Lawson, Rutkowska is very well
known in some circles, and she's been doing pretty high level
research for several years. But her recent work on virtual rootkits
and other types of stealth malware has thrust her into the
spotlight in a big way. Rutkowska gave a presentation at this
year's Black Hat Federal conference on various techniques for
defeating
hardware-based RAM acquisition that had a number of other top
hackers shaking their heads in amazement. She recently started her
own security consultancy, Invisible Things Lab, which will be doing
security assessments and research. Rootkits have gotten a lot of
attention in the last year or so, but the number of researchers who
have done significant research on their attributes and ways to go
about defeating them is quite small; it includes Rutkowska, Jamie
Butler, Greg Hoglund, John Heasman and Mark Russinovich. Watch for
more from her. Soon.
- Billy Hoffman. Hoffman, a lead research and development
engineer at SPI Dynamics, is one of the members of the younger
generation of researchers and hackers who spend most of their time
poring over browser and application code, leaving the operating
system work to others. He is especially fond of JavaScript and is
known as one of the top JS security experts in the industry.
Earlier this year Hoffman developed a pure JS
tool called Jikto, which is designed to exploit cross-site
scripting vulnerabilities and build a large-scale botnet that can
be used for whatever purpose the attacker chooses. Hoffman was one
of the first researchers to begin talking about the serious
security problems that can affect Web applications and what to do
about them. Given that he's still in his mid-20s, Hoffman likely
will be making a lot of noise for years to come.
- Vern Paxson. Paxson is sort of the Internet analog of a
baseball umpire: If everything is running smoothly, you'll never
even know he's there. Things rarely run smoothly on the Internet,
but Paxson, an adjunct associate professor at UC Berkeley and a key
member of the team at the International Computer Science
Institute's Center for Internet Research, has several projects in
the works to help remedy that. An authority on the early detection
and containment of worms and other rapidly spreading malware,
Paxson is part of a team working on the
network telescope
project funded by the National Science Foundation, which aims
to provide early warnings about new worm activity by monitoring
unallocated IP address space. He also is working on DETER, a
collaborative research effort among a number of major universities
and SRI International, which comprises a handful of individual
investigative projects on worm behavior and defenses. Paxson's
piece of DETER is an effort to model the behavior of the Slammer
worm on a testbed network. "Vern is one of these guys who is a
total expert on network protocols and systems architecture and
knows as much as anyone about worm behavior modeling," Lawson
said.
Who else should be on this list? Let me know what you think
at
dfisher@techtarget.com.