Tavis Ormandy
Tavis Ormandy is an English computer security white hat hacker. He is currently employed by Google as part of their Project Zero team.[1]
Notable discoveries
Ormandy is credited with discovering severe vulnerabilities in Libtiff,[2] Sophos' antivirus software[3] and Microsoft Windows.[4] With Natalie Silvanovich he discovered a severe vulnerability in FireEye products in 2015.[5]
His findings with Sophos' products led him to write a 30-page paper entitled "Sophail: Applied attacks against Sophos Antivirus" in 2012, which concludes that the company was "working with good intentions" but is "ill-equipped to handle the output of one co-operative security researcher working in his spare time." and that its products shouldn't be used on high-value systems.[6]
He also created an exploit in 2014 to demonstrate how a vulnerability in Glibc known since 2005 could be used to gain root access on an affected machine running a 32-bit version of Fedora.[7]
In 2016, he demonstrated multiple vulnerabilities in Trend Micro Antivirus on Windows related to the Password Manager.[8]
References
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ RCE vulnerability in jar analysis, FireEye.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
External links
- Personal homepage
- Twitter account
- "Sophail: Applied attacks against Sophos Antivirus" - Ormandy's paper on insecurities in Sophos products