This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
Researchers to Watch
Shaping the next 10 years of information security
Joanna Rutkowska
Joanna Rutkowska has been the star of a couple of Black Hat Briefings with her virtual rootkit presentations, in particular the Blue Pill rootkit, which she claims is undetectable even on 64-bit Vista systems. This year, Rutkowska demonstrated it was possible to defeat hardware-based memory acquisition.
Billy Hoffman HP's acquisition of SPI Dynamics netted it one of the brightest Web application hackers in the business. Billy Hoffman is front and center with his research on Java and browser security, and his Jikto tool, which exploits cross-site scripting holes, opened plenty of eyes this year. Hoffman got an early start on hacking; while at Georgia Tech, he developed a tool that analyzes data on magnetic strips.
Nate Lawson
Nate Lawson's current research on embedding security into devices figures to have long-standing impact on information security. Lawson, who way back helped design the RealSecure IDS, has designed the B+ DRM scheme that was adopted for inclusion in Blu-ray disks.
Adrian Perrig
Adrian Perrig is one of the brightest researchers at Carnegie Mellon University's CyLab. An assistant professor of electrical and computer engineering, Perrig is working to embed security into a redesigned Internet. He's also part of a team that developed an antiphishing tool called Phoolproof Phishing that leverages a mobile device to authenticate users and servers.
David Maynor/Robert Graham
Two ISS veterans, David Maynor and Robert Graham, run consultancy Errata Security, but like Dai Zovi, spend their spare time keeping vendors honest. Maynor's infamous MacBook Wi-Fi hack demonstration at Black Hat two years ago blazed the trail; Graham followed this year with a presentation of a tool that hijacks user sessions on Web-based mail programs and social networking sites.
This was first published in January 2008