In the security year that was 2006, zero-day attacks and exploits dominated the headlines.
However, the year will be best remembered for the work of members of the hacking—er, security research—community who discovered and disclosed serious vulnerabilities in the technologies we take for granted, forced software vendors to react faster to flaw warnings and pushed the vulnerability research boat into new, uncharted waters.
In no particular order, here's my list of five hackers who left a significant mark on 2006 and set the stage for more important discoveries in 2007:
H.D. Moore
H.D. Moore has always been a household name—and a bit of a rock star—in hacker circles. As a vulnerability researcher and exploit writer, he built the Metasploit Framework into a must-use penetration testing tool. In 2006, Moore reloaded the open-source attack tool with new tricks to automate exploitation through scripting, simplify the process of writing an exploit, and increase the re-use of code between exploits.
Moore's public research also included the MoBB (Month of Browser Bugs) project that exposed security flaws in the world's most widely used Web browsers; a malware search engine that used Google search queries to find live malware samples; the MoKB (Month of Kernel Bugs) initiative that uncovered serious kernel-level flaws; and the discovery of Wi-Fi driver bugs that could cause code execution attacks.
Love him or hate him—hackers marvel at his skills while software vendors decry his stance on vulnerability disclosure—Moore's work nudged the security discussion to the mainstream media and confirmed that vulnerability research will remain alive in 2007.
Read the full story on eWEEK.com: Who Left a Mark on 2006.
 |
