|
Alexander Peslyak
Alexander Peslyak (Александр Песляк) (born 1977), better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the first generic heap-based buffer overflow exploitation technique, as well as computer security protection techniques such as privilege separation for daemon processes. Peslyak is the author of the widely popular password cracking tool John the Ripper. His code has also been used in various third-party operating systems, such as OpenBSD and Debian. Work Peslyak has been the founder and leader of the Openwall Project since 1999. He is the founder of Openwall, Inc. and has been the CTO since 2003. He served as an advisory board member at the Open Source Computer Emergency Response Team (oCERT) from 2008 until oCERT's conclusion in August 2017. He also co-founded oss-security. He has spoken at many international conferences, including FO ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Solar Designer
Alexander Peslyak (Александр Песляк) (born 1977), better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the first generic heap-based buffer overflow exploitation technique, as well as computer security protection techniques such as privilege separation for daemon processes. Peslyak is the author of the widely popular password cracking tool John the Ripper. His code has also been used in various third-party operating systems, such as OpenBSD and Debian. Work Peslyak has been the founder and leader of the Openwall Project since 1999. He is the founder of Openwall, Inc. and has been the CTO since 2003. He served as an advisory board member at the Open Source Computer Emergency Response Team (oCERT) from 2008 until oCERT's conclusion in August 2017. He also co-founded oss-security. He has spoken at many international conferences, including FO ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
FOSDEM
Free and Open source Software Developers' European Meeting (FOSDEM) is a non-commercial, volunteer-organized European event centered on free and open-source software development. It is aimed at developers and anyone interested in the free and open-source software movement. It aims to enable developers to meet and to promote the awareness and use of free and open-source software. FOSDEM is held annually, usually during the first weekend of February, at the Université Libre de Bruxelles Solbosch campus in the southeast of Brussels, Belgium. History FOSDEM was started in 2000 under the name Open Source Developers of Europe Meeting (OSDEM) by Raphael Bauduin. Bauduin said that since he felt he lacked the brains to properly contribute to the open-source community, he wanted to contribute by launching a European event in Brussels. Bauduin teamed up with Damien Sandras. The team repeated the event. The F (of FOSDEM) was added at the request of Richard Stallman. The event has ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
People Associated With Computer Security
A person ( : people) is a being that has certain capacities or attributes such as reason, morality, consciousness or self-consciousness, and being a part of a culturally established form of social relations such as kinship, ownership of property, or legal responsibility. The defining features of personhood and, consequently, what makes a person count as a person, differ widely among cultures and contexts. In addition to the question of personhood, of what makes a being count as a person to begin with, there are further questions about personal identity and self: both about what makes any particular person that particular person instead of another, and about what makes a person at one time the same person as they were or will be at another time despite any intervening changes. The plural form "people" is often used to refer to an entire nation or ethnic group (as in "a people"), and this was the original meaning of the word; it subsequently acquired its use as a plural form of ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Security-focused Operating System
This is a list of operating systems specifically focused on security. Operating systems for general-purpose usage may be secure without having a specific focus on security. Similar concepts include security-evaluated operating systems that have achieved certification from an auditing organization, and trusted operating systems that provide sufficient support for multilevel security and evidence of correctness to meet a particular set of requirements. Linux Android-based * Android in general is very secure, having many security features such as taking advantage of SELinux and Verified Boot. * CalyxOS is a free and open source privacy and security focused Android Custom ROM * DivestOS is a free and open source privacy and security focused Android Custom ROM * GrapheneOS is an open source privacy and security focused Android Custom ROM * Kali NetHunter is a free and open source Kali Linux based Android Custom ROM for penetration testing Debian-based * Subgraph is a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
GNU C Library
The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library. Despite its name, it now also directly supports C++ (and, indirectly, other programming languages). It was started in the 1980s by the Free Software Foundation (FSF) for the GNU operating system. Released under the GNU Lesser General Public License, glibc is free software. The GNU C Library project provides the core libraries for the GNU system, as well as many systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more. History The glibc project was initially written mostly by Roland McGrath, working for the Free Software Foundation (FSF) in the 1980s as a teenager. In February 1988, FSF described glibc as having nearly completed the func ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Qualys
Qualys, Inc. provides cloud security, compliance and related services and is based in Foster City, California. Qualys provides vulnerability management solutions using a "software as a service" (SaaS) model. It has added cloud-based compliance and web application security offerings. Qualys has over 10,300 customers in more than 130 countries, including a majority of the Forbes Global 100. The company has strategic partnerships with major managed services providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). History Qualys has been described as "one of the earliest software-as-a-service security vendors." Philippe Courtot first invested in the company in 1999. He became CEO and board chair in 2001. In the announcement of the second round of financing, Courtot described Qualys as addressing a "mounting need for automatic detection of ne ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Black Hat Briefings
Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a variety of people interested in information security ranging from non-technical individuals, executives, hackers, and security professionals. The conference takes place regularly in Las Vegas, Barcelona, London and Riyadh. The conference has also been hosted in Amsterdam, Tokyo, and Washington, D.C. in the past. History The first Black Hat was held July 7-10, 1997 in Las Vegas, immediately prior to DEF CON 5. The conference was aimed at the computer industry, promising to give them privileged insight into the minds and motivations of their hacker adversaries. Its organizers stated: "While many conferences focus on information and network security, only the Black Hat Briefings will put your engineers and software programmers face-to-face ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Pwnie Award
The Pwnie Awards recognize both excellence and incompetence in the field of information security. Winners are selected by a committee of security industry professionals from nominations collected from the information security community. Nominees are announced yearly at Summercon, and the awards themselves are presented at the Black Hat Security Conference. Origins The name Pwnie Award is based on the word "pwn", which is hacker slang meaning to "compromise" or "control" based on the previous usage of the word "own" (and it is pronounced similarly). The name "The Pwnie Awards," pronounced as "Pony," is meant to sound like the Tony Awards, an awards ceremony for Broadway theater in New York City. History The Pwnie Awards were founded in 2007 by Alexander Sotirov and Dino Dai Zovi following discussions regarding Dino's discovery of a cross-platform QuickTime vulnerability () and Alexander's discovery of an ANI file processing vulnerability () in Internet Explorer. Winners ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Michał Zalewski
Michał Zalewski (born 19 January 1981), also known by the user name lcamtuf, is a computer security expert and "white hat" hacker from Poland. He is a former Google Inc. employee (until 2018), and currently the VP of Security Engineering at Snap Inc. He has been a prolific vulnerability researcher and a frequent Bugtraq poster since the mid-1990s, and has written a number of programs for Unix-like operating systems. In 2005, Zalewski wrote ''Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks'', a computer security book published by No Starch Press and subsequently translated into a number of languages. In 2011, Zalewski wrote ''The Tangled Web: A Guide to Securing Modern Web Applications'', also published by No Starch Press. For his continued research on browser security, he was named one of the 15 most influential people in security and among the 100 most influential people in IT. Zalewski was one of the original creators of Argante, a virtual ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Openwall Project
The Openwall Project is a source for various software, including Openwall GNU/*/Linux (Owl), a security-enhanced Linux distribution designed for servers. Openwall patches and security extensions have been included into many major Linux distributions. As the name implies, Openwall GNU/*/Linux draws source code and design concepts from numerous sources, most importantly to the project is its usage of the Linux kernel and parts of the GNU userland, others include the BSDs, such as OpenBSD for its OpenSSH suite and the inspiration behind its own Blowfish-based crypt for password hashing, compatible with the OpenBSD implementation. Public domain software The Openwall project maintains also a list of algorithms and source code which is public domain software. Openwall GNU/*/Linux releases LWN.net reviewed Openwall Linux 3.0. They wrote: ''PoC, , GTFO'' Issues of the ''International Journal of Proof-of-Concept or Get The Fuck Out'' (''PoC, , GTFO'') are mirrored by the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Return-to-libc Attack
A "return-to-libc" attack is a computer security attack usually starting with a buffer overflow in which a subroutine return address on a call stack is replaced by an address of a subroutine that is already present in the process executable memory, bypassing the no-execute bit feature (if present) and ridding the attacker of the need to inject their own code. The first example of this attack in the wild was contributed by Alexander Peslyak on the Bugtraq mailing list in 1997. On POSIX-compliant operating systems the C standard library ("libc") is commonly used to provide a standard runtime environment for programs written in the C programming language. Although the attacker could make the code return anywhere, libc is the most likely target, as it is almost always linked to the program, and it provides useful calls for an attacker (such as the system function used to execute shell commands). Protection from return-to-libc attacks A non-executable stack can prevent some buffer o ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Debian
Debian (), also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993. The first version of Debian (0.01) was released on September 15, 1993, and its first stable version (1.1) was released on June 17, 1996. The Debian Stable branch is the most popular edition for personal computers and servers. Debian is also the basis for many other distributions, most notably Ubuntu. Debian is one of the oldest operating systems based on the Linux kernel. The project is coordinated over the Internet by a team of volunteers guided by the Debian Project Leader and three foundational documents: the Debian Social Contract, the Debian Constitution, and the Debian Free Software Guidelines. New distributions are updated continually, and the next candidate is released after a time-based freeze. Since its founding, Debian has been developed openly ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
_1938.jpg "Click for more on -> People Associated With Computer Security")
