
Alexander Peslyak () (born 1977), better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the
return-to-libc attack
A "return-to-libc" attack is a computer security attack usually starting with a buffer overflow in which a subroutine return address on a call stack is replaced by an address of a subroutine that is already present in the process executable memor ...
and the first
generic heap-based buffer overflow exploitation technique, as well as
computer security
Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and computer network, n ...
protection techniques such as
privilege separation
Privilege may refer to:
Arts and entertainment
* Privilege (film), ''Privilege'' (film), a 1967 film directed by Peter Watkins
* Privilege (Ivor Cutler album), ''Privilege'' (Ivor Cutler album), 1983
* Privilege (Television Personalities album ...
for
daemon
A demon is a malevolent supernatural being, evil spirit or fiend in religion, occultism, literature, fiction, mythology and folklore.
Demon, daemon or dæmon may also refer to:
Entertainment Fictional entities
* Daemon (G.I. Joe), a character ...
processes.
Peslyak is the author of the widely popular
password cracking
In cryptanalysis and computer security, password cracking is the process of guessing passwords protecting a computer system. A common approach (brute-force attack) is to repeatedly try guesses for the password and to check them against an availab ...
tool
John the Ripper
John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenV ...
. His code has also been used in various third-party operating systems, such as
OpenBSD
OpenBSD is a security-focused operating system, security-focused, free software, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by fork (software development), forking NetBSD ...
and
Debian
Debian () is a free and open-source software, free and open source Linux distribution, developed by the Debian Project, which was established by Ian Murdock in August 1993. Debian is one of the oldest operating systems based on the Linux kerne ...
.
Work
Peslyak has been the founder and leader of the
Openwall Project
The Openwall Project is a source for various software, including Openwall GNU/*/Linux (Owl), a security-enhanced Linux distribution designed for servers. Openwall Patch (computing), patches and security extensions have been included into many ma ...
since 1999. He is the founder of Openwall, Inc. and has been the CTO since 2003. He served as an advisory board member at the Open Source Computer Emergency Response Team (oCERT) from 2008 until oCERT's conclusion in August 2017. He also co-founded oss-security.
He has spoken at many international conferences, including
FOSDEM
Free and Open source Software Developers' European Meeting (FOSDEM) is an annual software engineering conference. It is non-commercial and volunteer-organized with a focus on free and open-source software. Initiated in 2000, it is usually held d ...
and CanSecWest. He wrote the foreword to
Michał Zalewski's 2005 book ''Silence on the Wire''.
Alexander received the 2009 "Lifetime Achievement Award" during the annual
Pwnie Award
The Pwnie Awards recognize both excellence and incompetence in the field of information security. Winners are selected by a committee of security industry professionals from nominations collected from the information security community. Nominees ...
at the
Black Hat Security Conference. In 2015
Qualys
Qualys, Inc. is an American technology firm based in Foster City, California, specializing in cloud security, compliance and related services.
Qualys has over 10,300 customers in more than 130 countries. The company has strategic partnerships ...
acknowledged his help with the disclosure of a
GNU C Library
The GNU C Library, commonly known as glibc, is the GNU Project implementation of the C standard library. It provides a wrapper around the system calls of the Linux kernel and other kernels for application use. Despite its name, it now also dir ...
gethostbyname
function buffer overflow ().
See also
*
Security-focused operating system
This is a list of operating systems specifically focused on computer security, security. Similar concepts include security-evaluated operating systems that have achieved certification from an code audit, auditing organization, and trusted operati ...
References
External links
Openwall Project home pageSolar Designer's pseudo homepage* http://phrack.org/issues/69/2.html#article
{{Linux people
1977 births
Living people
Hackers