Alexander Sotirov is a computer security researcher. He has been employed by Determina and VMware. In 2012, Sotirov co-founded New York-based Trail of Bits with Dino Dai Zovi and Dan Guido, where he currently serves as co-CEO.
He is well known for his discovery of the ANI browser vulnerability, as well as the so-called Heap Feng Shui technique for exploiting heap buffer overflows in browsers. In 2008, he presented research at Black Hat showing how to bypass memory protection safeguards in Windows Vista. Together with a team of industry security researchers and academic cryptographers, he published research on creating a rogue certificate authority by using collisions of the MD5 cryptographic hash function in December 2008.
Sotirov is a founder and organizer of the Pwnie Awards, was on the program committee of the 2008 Workshop On Offensive Technologies (WOOT '08), and has served on the Black Hat Review Board since 2011. He was ranked #6 on Violet Blue's list of The Top 10 Sexy Geeks of 2009.
External links
Alexander Sotirov's website
Trail of Bits
The Pwnie Awards