“Tavis Ormandy”的意思、由来-开放百科全书

Ormandy is credited with discovering severe vulnerabilities in Libtiff,^[2] Sophos' antivirus software^[3] and Microsoft Windows.^[4]

With Natalie Silvanovich he discovered a severe vulnerability in FireEye products in 2015.^[5]

His findings with Sophos' products led him to write a 30-page paper entitled "Sophail: Applied attacks against Sophos Antivirus" in 2012, which concludes that the company was "working with good intentions" but is "ill-equipped to handle the output of one co-operative security researcher working in his spare time" and that its products shouldn't be used on high-value systems.^[6]

He also created an exploit in 2014 to demonstrate how a vulnerability in glibc known since 2005 could be used to gain root access on an affected machine running a 32-bit version of Fedora.^[7]

In 2016, he demonstrated multiple vulnerabilities in Trend Micro Antivirus on Windows related to the Password Manager,^[8] and vulnerabilities in Symantec security products.

In February 2017, he found and reported a critical bug in Cloudflare's infrastructure leaking user-sensitive data along with requests affecting millions of websites around the world which has been referred to as Cloudbleed (in reference to the Heartbleed bug that Google co-discovered).^[9]

References

1. ^{{cite web|url=https://www.wired.com/2014/07/google-project-zero/|title=Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers|last=Greenberg|first=Andy|date=15 July 2014|publisher=Wired.com|accessdate=4 January 2015}}
2. ^{{cite web|url=http://www.computerworld.com/article/2864053/hey-devs-those-software-libraries-arent-always-safe-to-use.html|title=Hey, devs! Those software libraries aren't always safe to use|last=Constantin|first=Lucian|date=30 December 2014|publisher=Computerworld|accessdate=5 January 2015}}
3. ^{{cite web|url=https://www.forbes.com/sites/andygreenberg/2011/08/04/google-researcher-exposes-flaws-in-sophos-software-slams-antivirus-industry/|title=Google Researcher Exposes Flaws In Sophos Software, Slams Antivirus Industry|last=Greenberg|first=Andy|date=4 August 2011|publisher=Forbes|accessdate=15 August 2016}}
4. ^{{cite web|url=http://www.computerworld.com/article/2498032/malware-vulnerabilities/google-engineer-bashes-microsoft-s-handling-of-security-researchers--disclos.html|title=Google engineer bashes Microsoft's handling of security researchers, discloses Windows zero-day|last=Keizer|first=Gregg|date=23 May 2013|publisher=Computerworld|accessdate=5 January 2015}}
5. ^{{cite web|last1=Ormandy|first1=Tavis|title=Project Zero: FireEye Exploitation: Project Zero’s Vulnerability of the Beast|url=https://googleprojectzero.blogspot.com/2015/12/fireeye-exploitation-project-zeros.html|website=Project Zero|accessdate=11 May 2017|date=15 December 2015}}
6. ^{{cite web|url=http://www.cso.com.au/article/441070/google_security_researcher_keep_sophos_away_from_high_value_systems/|title=Google security researcher: Keep Sophos away from high value systems|last=Tung|first=Liam|date=6 November 2012|publisher=CSO Online|accessdate=5 January 2015}}
7. ^{{cite web|last1=Evans|first1=Chris|title=Project Zero: The poisoned NUL byte, 2014 edition|url=https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html|website=Project Zero|accessdate=11 May 2017|date=25 August 2014}}
8. ^{{cite web|url=https://arstechnica.com/security/2016/01/google-security-researcher-excoriates-trendmicro-for-critical-av-defects/|title=Google security researcher excoriates TrendMicro for critical AV defects|last=Goodin|first=Dan|date=11 January 2016|publisher=Ars Technica|accessdate=4 February 2016}}
9. ^{{cite web|url=https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/|accessdate=23 February 2017|title=Incident report on memory leak caused by Cloudflare parser bug}}

Notable discoveries

References

External links