
One of the most well-respected security researchers working in the field today, Jeremiah Grossman dedicates much of his research time to the web application security flaws that have exploded onto the scene over the last year. He was one of the first researchers to show how attackers could use JavaScript hijacking to lift data out of Gmail, and together with Robert Hansen he was the first to uncover a flaw in Adobe Flash Player that gives attackers control of users’ webcams and microphones through a sophisticated attack called clickjacking.
Also known as RSnake, Robert Hansen has over the years gained a solid reputation as an independent security researcher. Last year he went commercial, forming his own consultancy (SecTheory), but he continues to make big finds. Most recently he has been doing a lot of work on XSS vulnerabilities, and he worked with Grossman to find the clickjacking flaw in Adobe Flash Player.
This year Joe Stewart stumbled upon one of the largest caches of stolen data researchers have ever found—500 GB of uncompressed data. He and the good folks at SecureWorks have been working tirelessly this year to shut down the Coreflood Trojan that helped steal it.
Joanna Rutkowska made a name for herself several years ago when she unraveled Microsoft’s story about “rootkit-proof Vista” with her Blue Pill program. This year she’s been crusading for better virtualization security by picking away at the Xen hypervisor.
Always on the cutting edge of security research, sometimes to his own detriment, Dan Kaminsky made more waves this year when he released details of a major cache-poisoning vulnerability in DNS, the system that keeps the Internet running.
Global spam volume sank by roughly two-thirds when a group of security experts banded together to shut down McColo, a troublesome hosting provider whose network was home to the command-and-control servers of several major botnets. Thank Paul Ferguson, one of the group who helped push the effort through.
This summer, Stephan Chenette and his crew at Websense have been working double time to combat the rise in legitimate websites compromised by attackers. Today more than 75 percent of websites serving malicious code are legitimate sites.
One of the legions of quality researchers employed at Symantec, Zulfikar Ramzan sent ripples through the online advertising world when he announced the discovery of a Trojan that was automatically perpetrating click-fraud on big sites such as Google and Yahoo.
This spring Craig Schmugar blew the lid off a new attack vector favored by criminals: fake media files. The bad guys were exploiting otherwise careful users’ bad habit of downloading ‘free’ MP3 files, tricking them into loading malware instead of music.
One of the developers instrumental in bringing Core Security Technologies’ Core Impact penetration testing product to market, Ariel Futoransky still spends much of his time leading his team in vulnerability research. Their latest efforts have focused on timing attacks against database engines.