Peiter Zatko
Peiter C. Zatko, better known as Mudge, is a network security expert, open source programmer, writer, and a hacker. He was the most prominent member of the high-profile hacker think tank the L0pht[1] as well as the long-lived computer and culture hacking cooperative the Cult of the Dead Cow.
Peiter "Mudge" Zatko | |
---|---|
Mudge during his tenure at DARPA | |
Born | December 1, 1970 |
Citizenship | American |
Alma mater | Berklee College of Music |
Known for | L0pht, L0phtcrack, DARPA Cyber Fast Track, Testimony to the Senate, CULT OF THE DEAD COW |
Awards | Secretary of Defense Exceptional Civilian Service Award, Order of Thor |
Scientific career | |
Fields | Computer Science Public administration Hacker |
Institutions | Google, Motorola, DARPA, L0pht |
While involved with the L0pht, Mudge contributed significantly to disclosure and education on information and security vulnerabilities. In addition to pioneering buffer overflow work, the security advisories he released contained early examples of flaws in the following areas: code injection, race condition, side-channel attack, exploitation of embedded systems, and cryptanalysis of commercial systems. He was the original author of the password cracking software L0phtCrack.[2]
In 2010 Mudge accepted a position as a program manager at DARPA where he oversaw cyber security research.[3] In 2013 Mudge went to work for Google in their Advanced Technology & Projects division.[4][5]
Biography
Born in December 1970, Mudge graduated from the Berklee College of Music at the top of his class[6] and is an adept guitar player.
Mudge was responsible for early research into a type of security vulnerability known as the buffer overflow. In 1995 he published "How to Write Buffer Overflows", one of the first papers on the topic.[7] He published some of the first security advisories and research demonstrating early vulnerabilities in Unix such as code injection, side-channel attacks, and information leaks, and was a leader in the full disclosure movement. He was the initial author of security tools L0phtCrack, AntiSniff, and l0phtwatch.
Mudge was one of the first people from the hacker community to reach out and build relationships with government and industry. In demand as a public speaker, he spoke at hacker conferences such as DEF CON[8] and academic conferences such as USENIX.[9] Mudge has also been a member of Cult of the Dead Cow since 1996.[10]
He was one of the seven L0pht members who testified before a Senate committee in 1998 about the serious vulnerabilities of the Internet at that time.[11] The L0pht became the computer security consultancy @stake in 1999, and Mudge became the vice president of research and development and later chief scientist.[12]
In 2000, after the first crippling Internet distributed denial-of-service attacks, he was invited to meet with President Bill Clinton at a security summit alongside cabinet members and industry executives.[13]
In 2004 he became a division scientist at government contractor BBN Technologies,[14] where he originally worked in the 1990s, and also joined the technical advisory board of NFR Security.[15] In 2010, it was announced that he would be project manager of a DARPA project focused on directing research in cyber security.[3] In 2013 he announced that he would leave DARPA for a position at Google ATAP.[5][16] In 2015 Zatko announced on Twitter he would join a project called #CyberUL, a testing organisation for computer security inspired by Underwriters Laboratories, mandated by the White House.[17]
On 11 August 2007 he married Sarah Lieberman, a co-worker at BBN.
DARPA
At DARPA he created the Cyber Analytical Framework the agency used to evaluate DoD investments in offensive and defensive cyber security. During his tenure he ran at least three DoD programs known as Military Networking Protocol (MNP), Cyber-Insider Threat (CINDER), and Cyber Fast Track (CFT).
Military Networking Protocol (MNP) provided network prioritization with full user-level attribution for military computer networks.[18]
Cyber-Insider Threat (CINDER) focused on identifying cyber espionage conducted by virtual insider threats such as future variants of Stuxnet or Duqu. CINDER is often mistakenly associated with WikiLeaks in the media.[19][20] This is possibly due to the confusion between DARPA programs focused on identifying human insider threat such as ADAMS[21] and the identification of software espionage posed by malware in the CINDER program.[22] This issue was clarified by Mudge in his Defcon 2011 keynote at 46 minutes and 11 seconds into the talk.[23]
Cyber Fast Track (CFT) provided resources and funding to security research, including programs run by hackers, hackerspaces, and makerlabs. The program provided an alternative to traditional government contracting vehicles that was accessible to individuals and small companies previously unable to work within the cumbersome and complicated DARPA process. The novel contracting effort had an averaging time of 7 days from receipt of proposal to funding being provided to the proposing research organization.[24] The program was initially announced at Shmoocon during his 2011 keynote.
Awards
Refereed papers
- An Architecture for Scalable Network Defense, Proceedings of the 34th Annual IEEE Conference on Local Computer Networks (LCN), Strayer, Miliken, Watro, Heimerdinger, Harp, Goldman, Spicuzza, Schwartz, Mankins, Kong, and Zatko., Proceedings of the 34th Annual IEEE Conference on Local Computer Networks (LCN), October 2009.
- SLINGbot: A System for Live Investigation of Next Generation Botnets, Alden Jackson, David Lapsley, Christine Jones, Mudge Zatko, Chaos Golubitsky, and W. Timothy Strayer, Proceedings of Cybersecurity Applications and Technologies Conference for Homeland Security (CATCH), Washington, D.C., March 2009.
- Security Analysis of the Palm Operating System and its Weaknesses Against Malicious Code Threats, Joe Grand and Mudge, 10th Usenix Security Symposium, Washington, D.C., August 2001.
- Cryptanalysis of Microsoft's PPTP Authentication Extensions (MSCHAPv2), Bruce Schneier, Mudge, and David A. Wagner, Secure Networking CQRE [Secure] 1999, International Exhibition and Congress, Springer Lecture Notes in Computer Science, no. 1740, pp. 192–203, Nov/Dec, 1999.
- Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP), Bruce Schneier and Mudge, Fifth ACM Conference on Communications and Computer Security, pages 132–141, March 1998.
L0pht Security Advisories and Software
Mudge published numerous papers and advisories detailing security problems across different applications and operating systems and was a pioneering champion of full disclosure.
- Crontab buffer overflow vulnerabilities, Oct 2001[28]
- Initial Cryptanalysis of the RSA SecurID Algorithm, Jan 2001[29]
- AntiSniff: Identification of remote systems in promiscuous mode, May 2000[30]
- Race conditions within RedHat Linux initscripts, Dec 2000[31]
- Reverse Engineering Cactus Software shell-lock obfuscation techniques, Oct 1999[32]
- Solaris /bin/su side channel attack, June 1999[33]
- L0pht Watch: A tool for filesystem race condition attacks, Jan 1999[34]
- Hash disclosure vulnerabilities in Quakenbush Windows NT Password Appraiser, Jan 1999[35]
- suGuard privilege escalation attack, Jan 1999[36]
- Embedded FORTH Hacking on Sparc Hardware, Phrack Magazine, Volume 8, Issue 53, July 1998[37]
- Race Condition in Rational Systems ClearCase source control system, Jan 1998[38]
- Imap 4.1 remote memory dump and retrieval of sensitive information, Oct 1997[39]
- L0phtCrack: Technical rant on vulnerabilities in Microsoft encryption and passwords, July 1997[40]
- Root Compromise through Solaris libc_getopt(3), Jan 1997[41]
- BSD distributions of modstat allow compromise of DES keys, passwords, and ring 0 control, Dec 1996[42]
- Kerberos 4 memory leaks provide sensitive credential information via remote attacks, Nov 1996[43]
- Privilege escalation through Sendmail 8.7.5 GECOS buffer overflow vulnerability, Nov 1996[44]
- cgi-bin/test-cgi parsing vulnerabilities allow remote directory traversal, April 1996[45]
- Design weaknesses in the SecurID authentication system, 1996[46]
- MONKey: An attack on the s/key one-time-password system, 1995[47]
References
- Security Scene Errata Archived 2 May 2005 at the Wayback Machine
- Archived 4 March 2012 at the Wayback Machine L0phtCrack]
- "Hacker 'Mudge' gets DARPA job". 10 February 2010. Archived from the original on 9 January 2011. Retrieved 12 February 2010.
- "Peiter "Mudge" Zatko To Join Motorola Mobility's Advanced Technology & Projects (ATAP)". Archived from the original on 5 December 2013. Retrieved 9 September 2013.
- Archived 1 February 2015 at the Wayback Machine, Mudge goes to Google, retr 2013 4 12
- "Other Paths - Berklee College of Music". www.berklee.edu. Archived from the original on 10 October 2014. Retrieved 1 October 2014.
- "L0pht Heavy Industries Services". insecure.org. Archived from the original on 3 September 2006. Retrieved 24 August 2006.
- "DEF CON V Archives". www.defcon.org. Archived from the original on 14 June 2006. Retrieved 18 April 2006.
- "USENIX - The Advanced Computing Systems Association". www.usenix.org. Archived from the original on 24 September 2006. Retrieved 18 April 2006.
- "CULT OF THE DEAD COW: CULT OF THE DEAD COW". www.cultdeadcow.com. Archived from the original on 17 April 2006. Retrieved 18 April 2006.
- "Press Releases". 31 March 2005.
- "The L0pht, renowned 'hacker think-tank,' becomes @stake". Archived from the original on 30 June 2004. Retrieved 7 September 2018.
- Clinton fights hackers, with a hacker. Archived 10 September 2005 at the Wayback Machine
- "Hacker 'Mudge' Returns to BBN". Archived from the original on 28 September 2007. Retrieved 6 July 2007.
- "NFR Security Adds Leading Security Industry Experts to Technology Advisory Board". Archived from the original on 26 September 2006. Retrieved 12 July 2006.
- Archived 1 October 2014 at the Wayback Machine, Google goes DARPA, retr 2014 9 27
- Archived 3 July 2015 at the Wayback Machine, Famed Security Researcher Mudge Leaves Google, retr 2015 7 2
- Military Networking Protocol Archived 17 December 2011 at the Wayback Machine, retr 2012 2 12
- Darpa's Star Hacker Looks to WikiLeak-Proof Pentagon Archived 1 December 2013 at the Wayback Machine, Spencer Ackerman, Wired, August 31, 2010, retr 2012 2 12
- An Interview with WikiLeaks' Julian Assange Archived 16 August 2011 at the Wayback Machine, Andy Greenberg, Forbes, November 29, 2010
- Anomaly Detection at Multiple Scales Archived 21 January 2012 at the Wayback Machine, retr 2012 2 12
- Cyber Insider Threat Archived 11 January 2012 at the Wayback Machine, retr 2012 2 12
- BlackHat USA 2011 Keynote Archived 21 January 2012 at the Wayback Machine, retr 2012 2 12
- New Fast Track Program Okays Hacker Projects in Just Seven Days Archived 15 March 2014 at the Wayback Machine, Dawn Lim, Wired Magazine, November 14, 2011, retr 2012 2 12
- "Mudge receives Office of SecDef highest non-career civilian award". Archived from the original on 30 January 2015. Retrieved 28 September 2014.
- SC Magazine Top 5 Influential IT Security Thinkers of 2011 Archived 9 March 2012 at the Wayback Machine, Angela Moscaritolo, December 1, 2011, retr 2012 2 12
- Archived 5 July 2014 at the Wayback Machine, BBN Press Release, October 15, 2007, retr 2014 9 27
- "Crontab buffer overflow vulnerabilities, Oct 2001". Archived from the original on 3 March 2016. Retrieved 28 September 2014.
- "Initial Cryptanalysis of the RSA SecurID Algorithm" (PDF). Archived (PDF) from the original on 10 October 2015. Retrieved 28 September 2014.
- "NMRC L0pht Antisniff Product Review". Archived from the original on 4 March 2015. Retrieved 28 September 2014.
- "OpenNET security: L0pht Advisory: initscripts-4.48-1 RedHat Linux 6.1". www.opennet.ru. Archived from the original on 10 January 2016. Retrieved 28 September 2014.
- "L0pht Advisory: Cactus Software de-obfuscate and retrieve shell code". Archived from the original on 10 January 2016. Retrieved 28 September 2014.
- "discuss@menelaus.mit.edu: [10792] in bugtraq". diswww.mit.edu. Archived from the original on 10 January 2016. Retrieved 28 September 2014.
- "l0phtwatch Advisory". Archived from the original on 4 March 2016. Retrieved 28 September 2014.
- "NT Password Appraiser hash disclosure". Archived from the original on 17 April 2013. Retrieved 28 September 2014.
- "IFS trojan path vulnerability". Archived from the original on 4 March 2016. Retrieved 28 September 2014.
- ".:: Phrack Magazine ::". phrack.org. Archived from the original on 10 October 2014. Retrieved 28 September 2014.
- "BuddhaLabs/PacketStorm-Exploits". GitHub. Archived from the original on 10 January 2016. Retrieved 28 September 2014.
- "Imap core dump information disclosure". Archived from the original on 4 March 2016. Retrieved 28 September 2014.
- "Vulnerabilities in Microsoft password encryption". Archived from the original on 11 February 2017. Retrieved 28 September 2014.
- "Solaris 2.5 libc exploitation". Archived from the original on 3 April 2013. Retrieved 28 September 2014.
- "Modstat exploit". insecure.org. Archived from the original on 23 September 2015. Retrieved 28 September 2014.
- "L0pht Kerberos 4 remote memory leak". Archived from the original on 10 January 2016. Retrieved 28 September 2014.
- "Sendmail 8.7.5 GECOS buffer overflow vulnerability". Archived from the original on 3 March 2016. Retrieved 28 September 2014.
- "remote inventory via test-cgi vulnerability". Archived from the original on 4 March 2016. Retrieved 28 September 2014.
- "Weaknesses in the SecurID (RSA Token) authentication system". Archived from the original on 4 March 2016. Retrieved 28 September 2014.
- "S/Key password cracker". Archived from the original on 3 March 2016. Retrieved 28 September 2014.
External links
- L0phtCrack, Password Cracking Software