Alexander Sotirov

Alexander Sotirov is a computer security researcher. He has been a researcher at Determina[1] and VMware.[2]

He is well known for his discovery of the ANI browser vulnerability[3] as well as the so-called Heap Feng Shui technique[4] for exploiting heap buffer overflows in browsers. In 2008, he presented research at Black Hat showing how to bypass memory protection safeguards in Windows Vista. Together with a team of industry security researchers and academic cryptographers, he published research on creating a rogue certificate authority by using collisions of the MD5 cryptographic hash function[5] in December 2008.

Sotirov is a founder and organizer of the Pwnie awards and was on the program committee of the 2008 Workshop On Offensive Technologies (WOOT '08).[6]

References

  1. ^ John Markoff (2006-12-25). "Flaws Are Detected in Microsoft’s Vista". The New York Times. http://www.nytimes.com/2006/12/25/technology/25vista.html. Retrieved 2009-01-05. 
  2. ^ Dennis Fisher. "VMWare loses top security researcher Sotirov and exec Mulchandani". http://security.blogs.techtarget.com/2008/11/24/vmware-loses-top-security-researcher-sotirov-and-exec-mulchandani/. Retrieved 2009-01-05. 
  3. ^ "Vulnerability Note VU#191609: Microsoft Windows animated cursor stack buffer overflow". United States Computer Emergency Readiness Team. 2007-03-29. http://www.kb.cert.org/vuls/id/191609. Retrieved 2009-01-03. 
  4. ^ Alexander Sotirov. "Heap Feng Shui in JavaScript". http://www.blackhat.com/presentations/bh-europe-07/Sotirov/Whitepaper/bh-eu-07-sotirov-WP.pdf. Retrieved 2009-01-03. 
  5. ^ Sotirov, Alexander; Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger (2008-12-30). "MD5 considered harmful today". http://www.win.tue.nl/hashclash/rogue-ca/. Retrieved 2009-01-02. 
  6. ^ "2nd USENIX Workshop on Offensive Technologies (WOOT '08)". http://www.usenix.org/events/woot08/. Retrieved 2009-01-05. 

External links