词条 | Tavis Ormandy |
释义 |
Notable discoveriesOrmandy is credited with discovering severe vulnerabilities in Libtiff,[2] Sophos' antivirus software[3] and Microsoft Windows.[4] With Natalie Silvanovich he discovered a severe vulnerability in FireEye products in 2015.[5] His findings with Sophos' products led him to write a 30-page paper entitled "Sophail: Applied attacks against Sophos Antivirus" in 2012, which concludes that the company was "working with good intentions" but is "ill-equipped to handle the output of one co-operative security researcher working in his spare time" and that its products shouldn't be used on high-value systems.[6] He also created an exploit in 2014 to demonstrate how a vulnerability in glibc known since 2005 could be used to gain root access on an affected machine running a 32-bit version of Fedora.[7] In 2016, he demonstrated multiple vulnerabilities in Trend Micro Antivirus on Windows related to the Password Manager,[8] and vulnerabilities in Symantec security products. In February 2017, he found and reported a critical bug in Cloudflare's infrastructure leaking user-sensitive data along with requests affecting millions of websites around the world which has been referred to as Cloudbleed (in reference to the Heartbleed bug that Google co-discovered).[9] References1. ^{{cite web|url=https://www.wired.com/2014/07/google-project-zero/|title=Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers|last=Greenberg|first=Andy|date=15 July 2014|publisher=Wired.com|accessdate=4 January 2015}} 2. ^{{cite web|url=http://www.computerworld.com/article/2864053/hey-devs-those-software-libraries-arent-always-safe-to-use.html|title=Hey, devs! Those software libraries aren't always safe to use|last=Constantin|first=Lucian|date=30 December 2014|publisher=Computerworld|accessdate=5 January 2015}} 3. ^{{cite web|url=https://www.forbes.com/sites/andygreenberg/2011/08/04/google-researcher-exposes-flaws-in-sophos-software-slams-antivirus-industry/|title=Google Researcher Exposes Flaws In Sophos Software, Slams Antivirus Industry|last=Greenberg|first=Andy|date=4 August 2011|publisher=Forbes|accessdate=15 August 2016}} 4. ^{{cite web|url=http://www.computerworld.com/article/2498032/malware-vulnerabilities/google-engineer-bashes-microsoft-s-handling-of-security-researchers--disclos.html|title=Google engineer bashes Microsoft's handling of security researchers, discloses Windows zero-day|last=Keizer|first=Gregg|date=23 May 2013|publisher=Computerworld|accessdate=5 January 2015}} 5. ^{{cite web|last1=Ormandy|first1=Tavis|title=Project Zero: FireEye Exploitation: Project Zero’s Vulnerability of the Beast|url=https://googleprojectzero.blogspot.com/2015/12/fireeye-exploitation-project-zeros.html|website=Project Zero|accessdate=11 May 2017|date=15 December 2015}} 6. ^{{cite web|url=http://www.cso.com.au/article/441070/google_security_researcher_keep_sophos_away_from_high_value_systems/|title=Google security researcher: Keep Sophos away from high value systems|last=Tung|first=Liam|date=6 November 2012|publisher=CSO Online|accessdate=5 January 2015}} 7. ^{{cite web|last1=Evans|first1=Chris|title=Project Zero: The poisoned NUL byte, 2014 edition|url=https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html|website=Project Zero|accessdate=11 May 2017|date=25 August 2014}} 8. ^{{cite web|url=https://arstechnica.com/security/2016/01/google-security-researcher-excoriates-trendmicro-for-critical-av-defects/|title=Google security researcher excoriates TrendMicro for critical AV defects|last=Goodin|first=Dan|date=11 January 2016|publisher=Ars Technica|accessdate=4 February 2016}} 9. ^{{cite web|url=https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/|accessdate=23 February 2017|title=Incident report on memory leak caused by Cloudflare parser bug}} External links
5 : Google people|People associated with computer security|English computer programmers|Living people|Year of birth missing (living people) |
随便看 |
|
开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。