Name Tavis Ormandy | ||
 | ||
Blackhat 2010 theres a party at ring0 tavis ormandy julien tinnes part mov
Tavis Ormandy is an English computer security white hat hacker. He is currently employed by Google as part of their Project Zero team.
Contents
- Blackhat 2010 theres a party at ring0 tavis ormandy julien tinnes part mov
- days tavis ormandy there s a party at ring0 and you re invited
- Notable discoveries
- References
days tavis ormandy there s a party at ring0 and you re invited
Notable discoveries
Ormandy is credited with discovering severe vulnerabilities in Libtiff, Sophos' antivirus software and Microsoft Windows. With Natalie Silvanovich he discovered a severe vulnerability in FireEye products in 2015.
His findings with Sophos' products led him to write a 30-page paper entitled "Sophail: Applied attacks against Sophos Antivirus" in 2012, which concludes that the company was "working with good intentions" but is "ill-equipped to handle the output of one co-operative security researcher working in his spare time" and that its products shouldn't be used on high-value systems.
He also created an exploit in 2014 to demonstrate how a vulnerability in Glibc known since 2005 could be used to gain root access on an affected machine running a 32-bit version of Fedora.
In 2016, he demonstrated multiple vulnerabilities in Trend Micro Antivirus on Windows related to the Password Manager, and vulnerabilities in Symantec security products.
In February 2017 he found and reported a critical bug in Cloudflare's infrastructure leaking user-sensitive data along with requests affecting millions of websites around the world which has been referred to as Cloudbleed (in reference to the Heartbleed bug also discovered by Google).