[ISN] Five Hackers Who Left a Mark on 2006

From: InfoSec News (alerts@private)
Date: Tue Jan 02 2007 - 22:15:57 PST


By Ryan Naraine
January 2, 2007

In the security year that was 2006, zero-day attacks and exploits 
dominated the headlines.

However, the year will be best remembered for the work of members of the 
hacking and security research community who discovered and disclosed 
serious vulnerabilities in the technologies we take for granted, forced 
software vendors to react faster to flaw warnings and pushed the 
vulnerability research boat into new, uncharted waters.

In no particular order, here's my list of five hackers who left a 
significant mark on 2006 and set the stage for more important 
discoveries in 2007:

H.D. Moore

H.D. Moore has always been a household name, and a bit of a rock star, in 
hacker circles. As a vulnerability researcher and exploit writer, he 
built the Metasploit Framework into a must-use penetration testing tool. 
In 2006, Moore reloaded the open-source attack tool with new tricks to 
automate exploitation through scripting, simplify the process of writing 
an exploit, and increase the re-use of code between exploits.

Moore's public research also included the MoBB (Month of Browser Bugs) 
project that exposed security flaws in the world's most widely used Web 
browsers; a malware search engine that used Google search queries to 
find live malware samples; the MoKB (Month of Kernel Bugs) initiative 
that uncovered serious kernel-level flaws; and the discovery of Wi-Fi 
driver bugs that could cause code execution attacks.

Love him or hate him (hackers marvel at his skills while software vendors 
decry his stance on vulnerability disclosure), Moore's work nudged the 
security discussion into the mainstream media and confirmed that 
vulnerability research will remain alive in 2007.

Jon "Johnny Cache" Ellch and David Maynor

At the Black Hat Briefings in Las Vegas, Jon "Johnny Cache" Ellch teamed 
up with former SecureWorks researcher David Maynor to warn of 
exploitable flaws in wireless device drivers. The presentation triggered 
an outburst from the Mac faithful and an ugly disclosure spat that still 
hasn't been fully resolved.

For Ellch and Maynor, the controversy offered a double-edged sword. In 
many ways, they were hung out to dry by Apple and SecureWorks, two 
companies that could not manage the disclosure process in a professional 
manner. In some corners of the blogosphere, they were unfairly maligned 
for mentioning that the Mac was vulnerable.

However, among security researchers who understood the technical nature, 
and severity, of their findings, Ellch and Maynor were widely celebrated 
for their work, which was the trigger for the MoKB (Month of Kernel Bugs) 
project that launched with exploits for Wi-Fi driver vulnerabilities.

Since the Black Hat talk, a slew of vendors, including Broadcom, D-Link, 
Toshiba and Apple, have shipped fixes for the same class of bugs 
identified by Ellch and Maynor, confirming the validity of their 

Maynor has since moved on, leaving SecureWorks to launch Errata 
Security, a product testing and security consulting startup.

Mark Russinovich

Before Mark Russinovich's mind-blowing exposé of Sony BMG's use of 
stealth technology in a DRM (digital rights management) scheme, 
"rootkit" was a techie word. Now, the word is being used in marketing 
material by every anti-virus vendor, cementing Russinovich's status as 
a Windows internals guru with few equals.

The Sony rootkit discovery highlighted the fact that anti-virus vendors 
were largely clueless about the threat from stealth malware and forced 
security vendors to build anti-rootkit scanners into existing products.

Russinovich, who now works at Microsoft after Redmond acquired 
Sysinternals, spent most of 2006 expanding on his earlier rootkit 
warnings and building new malware hunting tools and utilities.

Joanna Rutkowska

Polish researcher Joanna Rutkowska also used the spotlight of the 2006 
Black Hat Briefings to showcase new research into rootkits and stealthy 
malware. In a standing-room-only presentation, she bypassed the new 
kernel driver-signing mechanism in Windows Vista to plant a rootkit on 
the operating system and also introduced the world to "Blue Pill," a 
virtual machine-based rootkit she described as "100 percent 
undetectable," even on Windows Vista x64 systems.

In 2006, Rutkowska also pinpointed inherent weaknesses in anti-virus 
software, warned that the major operating system vendors are not yet 
ready for hardware virtualization technology and confirmed fears that 
stealth malware is the operating system's biggest security threat.

This archive was generated by hypermail 2.1.3 : Tue Jan 02 2007 - 22:23:01 PST