Five Hackers Who Left a Mark on 2006

espera un momento writes "eweek.com picks the five hackers who made a significant impact on security and vulnerability research in 2006. These are some interesting choices of the guys (and gal) who dominated the media headlines. The topics covered included Wi-Fi bugs, browser flaws and rootkits."

  • Mr. Moore sure knows how to make some good bugs :)
  • Hackers? (Score:5, Insightful)

    by lecithin ( 745575 ) on Wednesday January 03, 2007 @01:22PM (#17447402)
    Hackers - meaning people involved with information security.

    No, the real folks that really 'left their mark' in 2006 are yet unidentified.
    • "No, the real folks that really 'left their mark' in 2006 are yet unidentified."

      I was thinking something along the same lines.

      When I first started reading this headline I was pretty excited to hear some juicy hacking stories about some kind of "unlit silhouette with voice-masking" interview type of situation, with people sworn to secrecy about who the person actually is, because they engaged in some extremely illegal undercover corporate hack to obtain proprietary secrets from a competitor of the hiring cor
      • Re:Hackers? (Score:4, Insightful)

        by multisync ( 218450 ) on Wednesday January 03, 2007 @05:12PM (#17451144) Journal
        Too bad the actual article merely (mis-?)used the word "hacker" in a "security professional" sort of sense


        That's funny. I was impressed with the fact that e-week didn't (mis-?)use the word "hacker" in a "criminal whose crime is in some way (or possibly not) related to technology" sort of sense.
    • Re: (Score:1, Funny)

      by Anonymous Coward
      Hans Reiser certainly "left a mark", and I guess you could call him a "hacker". But you can't prove it!

      http://geekz.co.uk/lovesraymond/archive/so-i-married-a-kernel-programmer [geekz.co.uk]
  • What effect exactly have these two had? Made serious security researchers ridiculous by showing a rigged demo of a supposed exploit that until today hasn't been reproduced by anyone?

    • by someone1234 ( 830754 ) on Wednesday January 03, 2007 @01:30PM (#17447534)
      From the article: "However, security researchers who understood the technical nature--and severity--of their findings, Ellch and Maynor were widely celebrated for their work, which was the trigger for the MoKB (Month of Kernel Bugs) project that launched with exploits for Wi-Fi driver vulnerabilities. Since the Black Hat talk, a slew of vendors--including Broadcom, D-Link, Toshiba and Apple--have shipped fixes for the same class of bugs identified by Ellch and Maynor, confirming the validity of their findings. " Look for 'Apple' and 'shipped fixes' in the text.
      • Re: (Score:3, Insightful)

        by MysticOne ( 142751 )
        From what I understand, Apple performed an audit of their code and found a few bugs that could potentially be used to exploit a Mac in a similar fashion. However, I don't think such an exploit was ever demonstrated. I think it was a good thing that Apple performed the audit and fixed the problems, but that doesn't say that the "vulnerability" Ellch and Maynor "demonstrated" was legitimate. Possible, yes, but still unconfirmed.
        • The question was: "What effect exactly have these two had?" My answer was: "Apple shipped fixes." Good enough for me.
          • '' The question was: "What effect exactly have these two had?" My answer was: "Apple shipped fixes." Good enough for me. ''

            In that case, can we remove these two from the article, and replace their names with those of the unknown Apple engineers who went through the code and found whatever he found, to those who fixed the problem (probably the same ones), the unknown testers at Apple who made sure that the fix didn't break anything, and their manager who changed priorities to the wireless driver?
            • Exactly, I can point at any OS and say "Hey, I bet there's a security issue there". I can also promise you that if a researcher with talent and skill looks at it, they will find one. This does not mean that I've found a vulnerability, only that I can state the obvious.
              Maynor and Ellch have lost all credibility as far as I, and many others, are concerned. They behaved in an irresponsible and unprofessional manner, and I don't think I'll be able to trust any information they release in the future because of
        • Re: (Score:2, Informative)

          The poorly written code was in the Atheros driver, which was nothing to do with Apple, and indeed other platforms using the same hardware were also vulnerable.

          They still haven't clearly stated that a stock Airport Extreme setup is as vulnerable as shown, as they clearly used a usb wireless device for the demo.

          I would have more respect for these guys if they hadn't come out with the 'poke a lit cigarette in every Apple user's eye' comment which proved they had an axe to grind.
          • Re: (Score:2, Interesting)

            by Anonymous Coward
            Unless I am mistaken both Maynor and Ellch said several times that the "eye" comment was changed by the reporter. They said at Defcon it was the actors in the commercial they were referring to,
  • by User 956 ( 568564 ) on Wednesday January 03, 2007 @01:36PM (#17447618) Homepage
    Five Hackers Who Left a Mark on 2006

    Judging by the frequency with which most self-named Hackers change their undergarments, I'd be willing to bet that there are a lot more than five of them that have left a "mark" in the last year, if you know what I mean.
  • How does discovering the Sony rootkit earn one the title of 'hacker'?
  • We will never know about the top evil hackers of the Internet, they will not leave a single fingerprint. All we will find is the results of their "exploits."
  • An addendum (Score:5, Insightful)

    by lightyear4 ( 852813 ) on Wednesday January 03, 2007 @01:45PM (#17447770)

    I think Dan Kaminsky deserves at least an honorable mention in this list. Russinovich broke the story -- Kaminsky drove it home. He's the guy who did some amazing research regarding Sony's rootkit and its spread. (Using dns cache to ferret out statistical data was ingenious.) Now, the rootkit debacle did indeed occur in 2005; however, he published his studies on the brink of the new year. This enabled (very successful) class action lawsuits to go forward against Sony in 2006 and undeniably helped educate the general public about drm nastiness.

    At the very least, Kaminsky is on my list.

  • by daveschroeder ( 516195 ) * on Wednesday January 03, 2007 @01:50PM (#17447832)
    At the Black Hat Briefings in Las Vegas, Jon "Johnny Cache" Ellch teamed up with former SecureWorks researcher David Maynor to warn of exploitable flaws in wireless device drivers. The presentation triggered an outburst from the Mac faithful and an ugly disclosure spat that still hasn't been fully resolved.

    Um, yeah, because nearly all of the news coverage of the vulnerability didn't describe it as the general 802.11 vulnerability that it was, affecting multiple chipsets and drivers and multiple operating systems, including Windows, Mac OS X, and Linux; it described it, and indeed trumpeted it, as a vulnerability that affected Apple MacBooks and Mac OS X, with most articles making at best a passing reference that it could affect other platforms, if they even said that. Stories ran under headlines like "MacBook hijacked in 30 seconds -- wirelessly", and made it appear to be exclusively an Apple problem.

    While this was made clear in their demo, they chose to demo on a MacBook with a third party wireless card whose identity was hidden - because of "responsible disclosure" - but then in the next breath tell Brian Krebs at the Washington Post that the MacBook's own integrated wireless is exploitable in the exact same way. How is that "responsible disclosure"? And to top it off, we have a SecureWorks "Senior Researcher" saying that he wants to fix Mac users' "smug" attitude about security (and this helps Mac OS X security in a meaningful way how?) and that many of these people apparently need lit cigarettes jammed into their eyes (to paraphrase). Even if said in jest or in fun, how is that professional? How does that do anything to better Mac OS X security?

    How would a change in "user attitude" change the actual security situation on Mac OS X? I don't see a change in user attitude changing anything. Many Windows users know, at least marginally, that they are the target of innumerable attacks and thousands of pieces of malware. How does that change in any meaningful way the security situation on Windows?

    More to the point: how does the press making a general and serious 802.11 vulnerability affecting numerous chipsets, drivers, and operating systems appear as only a MacBook problem serve a meaningful, or even truthful or accurate, security purpose?

    For Ellch and Maynor, the controversy offered a double-edged sword. In many ways, they were hung out to dry by Apple and SecureWorks, two companies that could not manage the disclosure process in a professional manner. In some corners of the blogosphere, they were unfairly maligned for mentioning that the Mac was vulnerable.

    No. They were maligned for saying they espoused "responsible disclosure", even carefully hiding the third party wireless card, but then saying that the MacBook's integrated wireless was vulnerable in the same way. NO OTHER AFFECTED VENDOR OR OS was treated that way. Only Apple.

    They were maligned for being party to a Washington Post article that made outrageous accusations, like alleging that Apple "leaned on" them to not show this exploit, when there is no proof of that whatsoever.

    They were maligned because after working with Apple engineers for almost a week at Black Hat, they could not provide any information directly to Apple on how, precisely, Apple's integrated drivers were vulnerable. Should they "do Apple's work for them"? No. But these weren't hobbyists. These were people presenting under the guise of an enterprise security company with responsible disclosure, and when you unleash a firestorm of bad PR on one and only one company's new flagship consumer portable, you'd better be prepared to have a little higher degree of interaction with that one vendor.

    However, security researchers who understood the technical nature--and severity--of their findings, Ellch and Maynor were widely celebrated for their work, which was the trigger for the MoKB (Month of Kernel Bugs) project that launched with exploits for Wi-Fi driver vulnerabilities.

    Yes. It was great that the
  • What about the guy that cracked HD-DVD's encryption scheme? That's surely more significant than most of these, and it happened in 2006.
    • by Junta ( 36770 )
      One, the act may have technically occurred in 2006, but has yet to leave a mark.

      Two, the stuff released so far is not interesting, the stuff released so far is simply "if you get the key, you can use this to decrypt", which is just a straight implementation of the public spec....
  • Where's Kevin Mitnick?! It's a conspiracy!
  • by netbuzz ( 955038 ) on Wednesday January 03, 2007 @01:59PM (#17448002) Homepage
    Let us not overlook the contributions of Lyger and Jericho at attrition.org, who brought us the tale of "The GPA Hack That Wasn't" ... not to mention those squirrel pictures. http://www.networkworld.com/community/?q=node/9999 [networkworld.com]
  • by Anonymous Coward
    to a girl...
    Polish researcher Joanna Rutkowska also used the spotlight of the 2006 Black Hat Briefings to showcase new research into rootkits and stealthy malware. In a standing-room-only presentation, she dismantled the new driver-signing mechanism in Windows Vista to plant a rootkit on the operating system and also introduced the world to "Blue Pill," a virtual machine rootkit that remains "100 percent undetectable," even on Windows Vista x64 systems.
  • I'm quite surprised that people can find as many exploits as they do.
    • by pahoran ( 893196 ) *
      Then you've never been a programmer on a mid-to-large size project under the gun to deliver the software yesterday. And, by the way, YOU didn't set the deadline, your boss did.
  • by Billosaur ( 927319 ) * <wgrother@optonline . n et> on Wednesday January 03, 2007 @03:10PM (#17449188) Journal

    ...Joanna Rutkowska is the best looking of the five.

  • Everybody knows good hackers, nobody knows the great ones. Shrug.
    • What is the Greatness of destruction or chaos?
        Is the fall of the twin towers a great thing?
      • by really? ( 199452 )
        Just wanting to be unknown does not mean you are necessarily a black hat. Not everyone craves attention, some people do it - hacking - "because it's there".
        I have in the past - think Bitnet and e-mail addresses that!went!just!like!this - publicized stuff for friends who did not want/need the attention, but, who felt that knowledge had to be set free.
  • A good one would not get caught
    A great one leaves no trace they were there
  • HD Moore was by far the biggest contributor to change in security in 2006, Metasploit is a hugely influential tool, allowing anyone, regardless of ability, to penetrate insecure systems. Use extends to good or evil, but it's definitely significant.
