Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Five Hackers Who Left a Mark on 2006



 By: Ryan Naraine
2007-01-02
Article Rating:starstarstarstarstar / 4


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
In a year that will be best remembered for zero-day malware attacks, five members of the hacking—er, security research—community pushed vulnerability research to new heights.

In the security year that was 2006, zero-day attacks and exploits dominated the headlines.

However, the year will be best remembered for the work of members of the hacking—er, security research—community who discovered and disclosed serious vulnerabilities in the technologies we take for granted, forced software vendors to react faster to flaw warnings and pushed the vulnerability research boat into new, uncharted waters.

In no particular order, heres my list of five hackers who left a significant mark on 2006 and set the stage for more important discoveries in 2007:

H.D. Moore

H.D. Moore has always been a household name—and a bit of a rock star—in hacker circles. As a vulnerability researcher and exploit writer, he built the Metasploit Framework into a must-use penetration testing tool. In 2006, Moore reloaded the open-source attack tool with new tricks to automate exploitation through scripting, simplify the process of writing an exploit, and increase the re-use of code between exploits.

Resource Library:

Moores public research also included the MoBB (Month of Browser Bugs) project that exposed security flaws in the worlds most widely used Web browsers; a malware search engine that used Google search queries to find live malware samples; the MoKB (Month of Kernel Bugs) initiative that uncovered serious kernel-level flaws; and the discovery of Wi-Fi driver bugs that could cause code execution attacks.

Love him or hate him—hackers marvel at his skills while software vendors decry his stance on vulnerability disclosure—Moores work nudged the security discussion to the mainstream media and confirmed that vulnerability research will remain alive in 2007.

Jon "Johnny Cache" Ellch and David Maynor

At the Black Hat Briefings in Las Vegas, Jon "Johnny Cache" Ellch teamed up with former SecureWorks researcher David Maynor to warn of exploitable flaws in wireless device drivers. The presentation triggered an outburst from the Mac faithful and an ugly disclosure spat that still hasnt been fully resolved.

For Ellch and Maynor, the controversy offered a double-edged sword. In many ways, they were hung out to dry by Apple and SecureWorks, two companies that could not manage the disclosure process in a professional manner. In some corners of the blogosphere, they were unfairly maligned for mentioning that the Mac was vulnerable.

However, among security researchers who understood the technical nature—and severity—of their findings, Ellch and Maynor were widely celebrated for their work, which was the trigger for the MoKB (Month of Kernel Bugs) project that launched with exploits for Wi-Fi driver vulnerabilities.

Since the Black Hat talk, a slew of vendors—including Broadcom, D-Link, Toshiba and Apple—have shipped fixes for the same class of bugs identified by Ellch and Maynor, confirming the validity of their findings.

Maynor has since moved on, leaving SecureWorks to launch Errata Security, a product testing and security consulting startup.

Mark Russinovich

Before Mark Russinovichs mind-blowing expose of Sony BMGs use of stealth technology in a DRM (digital rights management) scheme, "rootkit" was a techie word. Now, the word is being used in marketing material for every anti-virus vendor, cementing Russinovichs status as a Windows internals guru with few equals.

The Sony rootkit discovery highlighted the fact that anti-virus vendors were largely clueless about the threat from stealth malware and forced security vendors to build anti-rootkit scanners into existing products.

Russinovich, who now works at Microsoft after Redmond acquired Sysinternals, spent most of 2006 expanding on his earlier rootkit warnings and building new malware hunting tools and utilities.

Joanna Rutkowska

Polish researcher Joanna Rutkowska also used the spotlight of the 2006 Black Hat Briefings to showcase new research into rootkits and stealthy malware. In a standing-room-only presentation, she dismantled the new driver-signing mechanism in Windows Vista to plant a rootkit on the operating system and also introduced the world to "Blue Pill," a virtual machine rootkit that remains "100 percent undetectable," even on Windows Vista x64 systems.

In 2006, Rutkowska also pinpointed inherent weaknesses in anti-virus software; warned that the major operating system vendors are not yet ready for hardware virtualization technology and confirmed fears that stealth malware is the operating systems biggest security threat.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.





  Reader Comments: Five Hackers Who Left a Mark on 2006
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}r8qռFsvgH)ْcmlk)dT(8H-IqK|Kg<xӅ|xS%lݍFλ$i9crsݩk|jx֢w.? !Yf0TEK ]Ϥ^=Am۟@t 5v9:r z>;|9|@vD%j'A]kc{F}W2z5m0 fE1;&I-{s!%2r ZwO~Vh/wm< a}# $J w*Nuol9 Q>)*X^P~FD;ǎ5~q 5~yf ;U'i3['C5nCUVekV6^;s9ȹ׳z$5dc7l#205ARZ [XdTZ wӡk)u8r z08ryj5jfO-{n_w$z(֛z$=+~bA2xưaIHo*! lpa#j)y'CϠE[#Uֶg5]q3ܹcglZENX* ?q7uBa%LjXE&sؗ}YͼaF3l˸;4 @SKVUBX)ځ^rwwӽm˙p*sgyÝ1돿NiR;wN.r$(֝p mKIu]+h5e=US^wD߀*0QI- i|/ Z@߯fN{!x[^ ԊhZAAvIna̳| 3+i3*5dNߒ-~k~>F,3SAT4 ̠K`W+eP>n]?]s\w[9^Vs!+|v!5M0\ܱ:֪o~;c!&A̧KdoF" 23~B(pHqbNbO}૦yp!jYY6'*taeIUi[ӢKsqlH{⧳vІ)WC EhYf7-vI)QM}sQk,VRSW, F̶#ؠS&s;y0`;}J_Oiͧ89~t$AG66^zK tcb>'ݨä +p|w͇v1s/|\aR֔zNj$>6(Z\χ`c˖C@B떂9;׻ޚB<QݻCi`y1&=զ@CAX\7 >)@}9gXS9[ݲeǀxԜ/3JdN˕ ] #RRP$S'hI#r Bг!,`@o%`{`[X;k ab .<ҦBIҗRx&,S,BV-KᗄPf%i2mlƪń(VFNl(0Vn)k憭l0!.(2n( _M TW`b\0aN#wAsmruFz3OD\rG #p2h>JeHw6q- CO5,&Vfj:Y[342.|O\V,'0{3FC׾,Y\O+75e&@0m"}~`iNR} Ȳ^ogWKHLZ`!?RP՘Iҏ5 &^PGe d^s`M`R#׶ݻl :lF֝{4g3i%rf9HzH_GckHB(T2`LHG7S] eQaʣuywPz?1cXe[;pMb~ >FS-cB[O;$!OT'E)'x.5 d1Ǿ$o+:|#HE~H\PZr>r+b"X8:T:$ݦ6߀ä:,Cd5O{M{c>4Ye n2~2EjƟQp< _Mf1zpY 57~L}6݂ ]r39X>4ujN0alEc>eLZrlxXa)Ry=0ݙrI6S07Gʫ%+vră4 ]#@$7ڲ|cv~ 9 (k58uO#%cYe:w@ݐ uz7Vy@, GzCx؝LHuҜn7HIZX9bRkEBZG ϭùšQ Cԃ3Sb_@URTžwZu^,_mhD1(dyD4@/qbk lBk}ӁZFB-š89k*e>e'}VFpaqgP7n3Ǥ_)TYb9Ji?0)6@yZI@j5VJ`Y V8$g[^O`_Iefj æRRU V_Aұg.s_wf=]~oLg4>ʀixG2gdQ JhUm{\ c4w2<c>?/$,RAv+T΀LdR,WEzz`-XPjB L*>"ѧMC/ PNR[C^$}T>Vud*+ZR^?*9 9 ^M lZq~ZCskpo= 2j=vR`fK&_vܖ[J,]@>a u0 glrKz]w<_C8̕}KqlGO+Kz&@u0RlȪVuZU ՂVD'sfٞEA(šd:)dnQ==׵!Y,;L)q39Ȕ:C\Դ"hw ĶRs?%D,qC` H\Q"Y rvjT rF2R@BZNbx<'b{H '+T'.n\'+cI`q`w0DB*MgFDccb^f.VUv$BQ`о(&wmOɪO@T #NEw%]םVd4O}=Kͳ}2DH"rgYC\|I{ڽGi-%{w/[j܉, YE# B Ǎ5Bk3d4)(3z0fs#fDH[h!e}əb9kI.Dz=d_5g0 `- ۵cg#s~uYLPH2>(_a@HR ~tDӻ8m~dun/2 m D78C*QW"REh%IA%G&g <@&9NghDu~kn/Eb}C6z? i^3/p𽇻"T} zO&iR'DZ3pu*h hwl6D20&@v\f0Ӑ`q5OÉ@P V- QגZ4ҫoeW!9 Gs`#iۗyja~%XDRoBGH|5zÿ§  r[kg+y V7gN{m,da3f/ݷvkW}; ?--8tǠCR#I1&$Z^VP**sᔤvȔWN HXd1җ30d&'a=K=#tzoo=إ֛%(KFחuz3ggR,V&@\`$%bC`4Xi崗f‹&D&k@Y_ƚY`@_U3h_.xS܆JMXz˙FљzIG'l z=+.mɉW$//%}zJ .aQq, -"Hv8

tHʏa}GZfz6X" a3höJQmU_>ƙ͗`?ϢuPjFvӽG+1R^< hjsݐ㋪LwV A` mIu.0̑Dd&I0⤰1P@_<'4cixڳyYx ӑzKM&Ug'T:oK{*]&1^j'㉝_mXl1Y' x Ɠ>q <4~ lj<un~eݱݱݱݱݱ;\,bkv,G-Ǵ$}"C=1Xgt]0WzeREcJDXܔ"8CCx x[# Ԓtgd1cnbŨаwA ";- HCBVdg1HQEX ƶoi^Θg㣕<!3BQcG!6=B{S\|yP/@Us4u^KtgnXGo?qxaZJtxv}BSQ[IG@{$z8GIxc*:]y ՈBFpo;D6Gŋi-z $TBM45(5qʹrzB&l'#Wov?k\[wt.u%koa&I p3-by;׍XK>eφwef\Wq;mO5p=4_Ƙ-Woͣi |uMP!JakN6k?0Z_\˚LIj~6}A˽=V4U mX[`8NƋ$n;OnUoko#fyN[FmV))jhk31}el؆_? ZRˬk$I3Ʊ3}h8IFT2̭,)dn} <y3D].ޮb>i'ܺF?s+=K'ЎYݷ8Q;P̫9l;hO>#.b1DKb@/j 32]̻Kk0#B{&? e{>⍳͝~KeAٿcg^S`܀7*ZWqi4s۰?3{>4$X :"$B\x0^X3,M?",󈥶ͦl10eQ :&MߟaG~RJq'߇dMgNpNxP)LE|3A$㷈pSo]x?Q*nUǝ@ omK{~q"FVVrc[~t^8UQe~;$,lqI B(lShFLAE"6,A\ۦǝ.7㌨Nsn9K(aږw$Ʈ$Jjad7$ƽ⊯tyϽcLGlG꨺X/[a0@ 1V&GdBA8AXJo,"xaCquQ%. /(/-Iyp\oK ?6qN"F dr B.]sI *JM]-OQ/ ]ZX,:~eL<_AFw+3}&5fL(:P;qU6'a<::BMETBh~Ũ&@ lN`Cy?VzZ3ZOk]P;Xifyb+n'-浻sx"(ͪND`h*} 1iFHt.^vUW|m"xGI.LiXxN>H'*t=jhܻDbJd i^P)ρVPJj\={(9 .ؕժTjQܣF +*PVDiR#}FyIW .kXGl;̋1JZP-0o}O;R ^M,XE1Jdy}TK[TI`o27s}reyE0-^`̷Uqhi\1;faj>Sy*AW/0K{IF^YCO5X*tIND]%FR)t)@P\/0ƏļX\sn0ap/,9+LiZ`3+nslKZIȶ8+ilwAQg)q8 @ɉ莥ryt ތ/HHuTc +s\1oiqB..&ڰkW1儔6JzN[yƅ1iL(_0X}dLW<00t#P̲jNT]֏pY=XCE3 #L ]|­BVUv$r&*6;mLlf!> /'}qU84 :{ᛂWZ-%6F/|T3/b=3-Ѩ#k>x췉'1M-ӴiDLROws\ND CVY `Oh$~b "uFf."T( A`v#CsJ׽v߾졇U Cޝ &Ru.4{>Ph0tfԘ8@= CO 2u y»򽉡{0us`scRC´vxԢX-><& .ycI 8^yN4X+M7,X2|e{xbRU+J)|U3ʰLX;ʷͲg2VqЅ&JZ! `xzNrdhz߃[C_Ч6#&Dwn`9͋{I&OE='5¶V-r5uv[;y/Bj%mIk&5+<v<(32/r}Q8QޅnF9rz}y hjgAcq}>@?d'(kt֗wZFQd3r'{^Fg(fٮq1>gYg, >,g@ geYg~W'P~Q7([Feg9yg_O7CtAt3E\_\fOe{]_ S]AUV9w*~P~U{uF$)cf5/pvJEsQ^53T}~)P5(ge3Vڍna{Ar!{e_/C@qsqm%R+ ]Q%>=-{[I2n@Kȣ_xi +{O2 r hxVydb bye?VPw;]SҤ]j.{%])r-XѧZ}5_9p=* tgx'% UQǒGЬg]#=Dze?|[2xI0dBۓ{g\pm⦠ϻH^h-AkO[ &7S[."ţ;ZʈPcvdmo߆zH'<+; |4;(w[ЙqޢD);Fyk@yk{zY)W8#A}̞^ytpf^`l>h}k:KdBgpX`$fZ gˌ)螉ׄ+ 7\xď;cö0NrP*5VZ*;_%i #G1Q5YUdJ*'jeV*V&K=# .=M^t fM-ϡ'!pA>fJC Dk(x[xcE.z_ąmBfp0l{|y ގe@7 J,5v;cŨЋD@3ƝxVjt1R {{[2gډe:'q8SsӄY"DӼxl4@[4Xj9SYF  T z qY2&23Mť{:o/\| "e*1ÃfmJUXC-['lybb)mԿ+ݣbU[ ;$} F(r>t (luy93"pipzx " n#QVLZDAۀYN zvuVܤČk,+9H5xdtcLigkGz`L,&h_cErhGUZQ8݈qdf~3`ImXv禄 {P3xX8 7tgG=םPĚwh/O!NeBR&'5lO"cBp[Oulם8E# Pr1қqlj_ԕU`7g#~"VœA6p8!(_Gْk0eJˍt_d%\ d<l[ +" Km˴>u¥"UXJNX,8.# ktk Q C.9BuzϷ[<-v;͇OVe؋$| _[0~Y+m˕bm+Ѝ5!igNbkcgb@xV=d_qxN|L/ؙ9:u!}đYX&7ęV /O CׅѰ0 L;,lyEG%RRNCb 0F c:ebrYMzS cJ\g'ۂ~Ս ׶{S<"Y4.G"@xC{lw6k+Ȁ7H>Y[D,5R7tP9Γz0 s͹!w׆! a+c~,Km)f wAx=`#hxb <nh1)d'kIG'R$la,r3 Ej z.t3R04NxqBa0SSQ2$Y$W3uG?; o:ˌhT*.㉋۝'Ge nO-)h,S$De $RzVs!Y/' ~c Whc< xL v{kfuU+kD;ydMn+:cSEᘸe=)jaKmw9n~;1{l~r)CUs̥D/4^JB\qrh6