Alexander Sotirov
Alexander Sotirov is a computer security researcher. He has been employed by Determina[1] and VMware.[2] In 2012, Sotirov co-founded New York based Trail of Bits[3] with Dino Dai Zovi and Dan Guido, where he currently serves as Chief Scientist.
Alexander Sotirov | |
---|---|
Alexander Sotirov | |
Born | Sofia, Bulgaria |
Other names | Alex Sotirov |
Citizenship | United States, Bulgaria |
Alma mater | University of Alabama |
Known for | Pwnie award organizer, Black Hat Briefings Review Board Member |
Scientific career | |
Fields | Computer Science |
He is well known for his discovery of the ANI browser vulnerability[4] as well as the so-called Heap Feng Shui technique[5] for exploiting heap buffer overflows in browsers. In 2008, he presented research at Black Hat showing how to bypass memory protection safeguards in Windows Vista. Together with a team of industry security researchers and academic cryptographers, he published research on creating a rogue certificate authority by using collisions of the MD5 cryptographic hash function[6] in December 2008.
Sotirov is a founder and organizer of the Pwnie awards, was on the program committee of the 2008 Workshop On Offensive Technologies (WOOT '08),[7] and has served on the Black Hat Review Board since 2011.[8]
He was ranked #6 on Violet Blue's list of The Top 10 Sexy Geeks of 2009.[9]
References
- John Markoff (2006-12-25). "Flaws Are Detected in Microsoft's Vista". The New York Times. Retrieved 2009-01-05.
- Dennis Fisher. "VMWare loses top security researcher Sotirov and exec Mulchandani". Retrieved 2009-01-05.
- Bill Brenner. "Trail of Bits: An alliance of #infosec heavyweights". Archived from the original on 2013-01-21. Retrieved 2012-02-14.
- "Vulnerability Note VU#191609: Microsoft Windows animated cursor stack buffer overflow". United States Computer Emergency Readiness Team. 2007-03-29. Archived from the original on 22 January 2009. Retrieved 2009-01-03.
- Alexander Sotirov. "Heap Feng Shui in JavaScript" (PDF). Archived (PDF) from the original on 5 January 2009. Retrieved 2009-01-03.
- Sotirov, Alexander; Marc Stevens; Jacob Appelbaum; Arjen Lenstra; David Molnar; Dag Arne Osvik; Benne de Weger (2008-12-30). "MD5 considered harmful today". Archived from the original on 2 January 2009. Retrieved 2009-01-02.
- "2nd USENIX Workshop on Offensive Technologies (WOOT '08)". Archived from the original on 6 January 2009. Retrieved 2009-01-05.
- "Black Bat Review Board". Retrieved 2012-06-09.
- Violet Blue. "Top10 Sexy Geeks 2009". Retrieved 2008-12-20.