Alexander Sotirov

From Wikipedia, the free encyclopedia

Jump to: navigation, search

Alexander Sotirov at the 25th Chaos Communication Congress

Alexander Sotirov is a computer security researcher. He has been a researcher at Determina^[1] and VMware.^[2]

He is well known for his discovery of the ANI browser vulnerability^[3] as well as the so-called Heap Feng Shui technique^[4] for exploiting heap buffer overflows in browsers. In 2008, he presented research at Black Hat showing how to bypass memory protection safeguards in Windows Vista. Together with a team of industry security researchers and academic cryptographers, he published research on creating a rogue certificate authority by using collisions of the MD5 cryptographic hash function^[5] in December 2008.

Sotirov is a founder and organizer of the Pwnie awards and was on the program committee of the 2008 Workshop On Offensive Technologies (WOOT '08).^[6]

[edit] References

^ John Markoff (2006-12-25). "Flaws Are Detected in Microsoft’s Vista". The New York Times. http://www.nytimes.com/2006/12/25/technology/25vista.html. Retrieved 2009-01-05.
^ Dennis Fisher. "VMWare loses top security researcher Sotirov and exec Mulchandani". http://security.blogs.techtarget.com/2008/11/24/vmware-loses-top-security-researcher-sotirov-and-exec-mulchandani/. Retrieved 2009-01-05.
^ "Vulnerability Note VU#191609: Microsoft Windows animated cursor stack buffer overflow". United States Computer Emergency Readiness Team. 2007-03-29. http://www.kb.cert.org/vuls/id/191609. Retrieved 2009-01-03.
^ Alexander Sotirov. "Heap Feng Shui in JavaScript". http://www.blackhat.com/presentations/bh-europe-07/Sotirov/Whitepaper/bh-eu-07-sotirov-WP.pdf. Retrieved 2009-01-03.
^ Sotirov, Alexander; Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger (2008-12-30). "MD5 considered harmful today". http://www.win.tue.nl/hashclash/rogue-ca/. Retrieved 2009-01-02.
^ "2nd USENIX Workshop on Offensive Technologies (WOOT '08)". http://www.usenix.org/events/woot08/. Retrieved 2009-01-05.

[edit] External links

Alexander Sotirov's website

P ≟ NP

This biographical article relating to a computer scientist is a stub. You can help Wikipedia by expanding it.

[0] John Markoff (2006-12-25). "Flaws Are Detected in Microsoft’s Vista". The New York Times. http://www.nytimes.com/2006/12/25/technology/25vista.html. Retrieved 2009-01-05.

[1] Dennis Fisher. "VMWare loses top security researcher Sotirov and exec Mulchandani". http://security.blogs.techtarget.com/2008/11/24/vmware-loses-top-security-researcher-sotirov-and-exec-mulchandani/. Retrieved 2009-01-05.

[2] "Vulnerability Note VU#191609: Microsoft Windows animated cursor stack buffer overflow". United States Computer Emergency Readiness Team. 2007-03-29. http://www.kb.cert.org/vuls/id/191609. Retrieved 2009-01-03.

[3] Alexander Sotirov. "Heap Feng Shui in JavaScript". http://www.blackhat.com/presentations/bh-europe-07/Sotirov/Whitepaper/bh-eu-07-sotirov-WP.pdf. Retrieved 2009-01-03.

[sslHarmful-4] Sotirov, Alexander; Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger (2008-12-30). "MD5 considered harmful today". http://www.win.tue.nl/hashclash/rogue-ca/. Retrieved 2009-01-02.

[5] "2nd USENIX Workshop on Offensive Technologies (WOOT '08)". http://www.usenix.org/events/woot08/. Retrieved 2009-01-05.

[1]

[2]

[3]

[4]

[5]

[6]

Persondata
Name	Sotirov, Alexander
Alternative names
Short description
Date of birth
Place of birth
Date of death
Place of death

Alexander Sotirov

[edit] References

[edit] External links

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Interaction

Toolbox

Print/export