Tavis Ormandy

Tavis Ormandy is an English computer security white hat hacker. He is currently employed by Google as part of their Project Zero team.[1]

Notable discoveries

Ormandy is credited with discovering severe vulnerabilities in LibTIFF,[2] Sophos' antivirus software[3] and Microsoft Windows.[4] With Natalie Silvanovich he discovered a severe vulnerability in FireEye products in 2015.[5]

His findings with Sophos' products led him to write a 30-page paper entitled "Sophail: Applied attacks against Sophos Antivirus" in 2012, which concludes that the company was "working with good intentions" but is "ill-equipped to handle the output of one co-operative security researcher working in his spare time" and that its products shouldn't be used on high-value systems.[6]

He also created an exploit in 2014 to demonstrate how a vulnerability in glibc known since 2005 could be used to gain root access on an affected machine running a 32-bit version of Fedora.[7]

In 2016, he demonstrated multiple vulnerabilities in Trend Micro Antivirus on Windows related to the Password Manager,[8] and vulnerabilities in Symantec security products.

In February 2017, he found and reported a critical bug in Cloudflare's infrastructure that leaked user-sensitive data along with requests, affecting millions of websites around the world. The bug has been referred to as Cloudbleed, in reference to the Heartbleed bug that Google co-discovered.[9]

References

  1. Greenberg, Andy (15 July 2014). "Meet 'Project Zero,' Google's Secret Team of Bug-Hunting Hackers". Wired.com. Retrieved 4 January 2015.
  2. Constantin, Lucian (30 December 2014). "Hey, devs! Those software libraries aren't always safe to use". Computerworld. Retrieved 5 January 2015.
  3. Greenberg, Andy (4 August 2011). "Google Researcher Exposes Flaws In Sophos Software, Slams Antivirus Industry". Forbes. Retrieved 15 August 2016.
  4. Keizer, Gregg (23 May 2013). "Google engineer bashes Microsoft's handling of security researchers, discloses Windows zero-day". Computerworld. Retrieved 5 January 2015.
  5. Ormandy, Tavis (15 December 2015). "Project Zero: FireEye Exploitation: Project Zero's Vulnerability of the Beast". Project Zero. Retrieved 11 May 2017.
  6. Tung, Liam (6 November 2012). "Google security researcher: Keep Sophos away from high value systems". CSO Online. Retrieved 5 January 2015.
  7. Evans, Chris (25 August 2014). "Project Zero: The poisoned NUL byte, 2014 edition". Project Zero. Retrieved 11 May 2017.
  8. Goodin, Dan (11 January 2016). "Google security researcher excoriates TrendMicro for critical AV defects". Ars Technica. Retrieved 4 February 2016.
  9. "Incident report on memory leak caused by Cloudflare parser bug". Cloudflare. Retrieved 23 February 2017.