Contributors

Dan “Effugas” Kaminsky (CISSP) worked for two years at Cisco Systems designing security infrastructure for large-scale network monitoring systems. Dan has delivered presentations at several major industry conferences including Linuxworld, DEF CON, and the Black Hat Briefings, and he also contributes actively to OpenSSH, one of the more significant cryptographic systems in use today. Dan founded the cross-disciplinary DoxPara Research (www.doxpara.com) in 1997, seeking to integrate psychological and technological theory to create more effective systems for non-ideal but very real environments in the field. He is based in Silicon Valley, presently studying Operation and Management of Information Systems at Santa Clara University in California.

Rain Forest Puppy is a security research and development consultant for a Midwest-based security consulting company. RFP has been working in R&D and coding in various languages for over seven years. While the Web is his primary hobby focus point, he has also played in other realms including: Linux kernel security patches, lockdown of various Windows and UNIX operating systems, and the development of honeypots and other attack alert tools. In the past he’s reported on SQL tampering and common CGI problems, and has contributed security tools (like whisker) to the information security community.

Ken Pfeil is the Security Program Manager for Identix Inc.’s information technology security division. Ken started with Identix following his position as Chief Information Security Officer for Miradiant Global Network, Inc. Ken has over 14 years of IT and security experience, having served with such companies as Microsoft, Dell, and Merrill Lynch. While employed at Microsoft, Ken co-authored Microsoft’s “Best Practices for Enterprise Security” whitepaper series, and is the founder of “The NT Toolbox” Web site. He currently covers new security risks and vulnerabilities for Windows and .Net magazines’ Security Administrator publication, and was the resident expert for multiplatform integration and security issues for “The Windows 2000 Experts Journal.”

Joseph “Kingpin” Grand is a Boston-based electrical engineer and product designer. His pioneering hardware and security research has been published in various academic and industry journals. He has lectured widely on security product design and analysis, portable devices, and digital forensics. In addition to testifying before the United States Senate Governmental Affairs, Joseph has presented his research at the United States Naval Post Graduate School Center for INFOSEC Studies and Research, the USENIX Security Symposium, and the IBM Thomas J. Watson Research Center. Joseph was a long-time researcher with the L0pht hacker think tank. He holds a Bachelor’s of Science in Computer Engineering from Boston University in Boston, Massachusetts.

K2 is a security engineer. He works on a variety of systems ranging from UNIX to all other operating systems. He has spent a lot of time working through security issues wherever they exist; core kernels, networking services, or binary protections. K2 is a member of w00w00 and is a contributing member of The Honeynet Project. He would like to thank Anya for all her help and support throughout the year.

David M. Ahmad is Threat Analysis Manager for SecurityFocus and moderator of the Bugtraq mailing list. SecurityFocus is the leading provider of security intelligence services. David has played a key role in the development of the vulnerability database at SecurityFocus. The focus of this duty has been the analysis of software vulnerabilities and the methods used to exploit them. David became the moderator of Bugtraq, the well-known computer security mailing list, in 2001. He currently resides in Calgary, Alberta, Canada with his family.

F. William Lynch (SCSA, CCNA, LPI-I, MCSE, MCP, Linux+, A+) is coauthor for Hack Proofing Sun Solaris 8 (ISBN: 1-928994-44-X), also published by Syngress Publishing. He is an independent security and systems administration consultant and specializes in firewalls, virtual private networks, security auditing, documentation, and systems performance analysis. William has served as a consultant to multinational corporations and the Federal government including the Centers for Disease Control and Prevention headquarters in Atlanta, Georgia as well as various airbases of the USAF. He is also the founder and director of the MRTG-PME project, which uses the MRTG engine to track systems performance of various UNIX-like operating systems. William holds a Bachelor’s degree in Chemical Engineering from the University of Dayton in Dayton, Ohio and a Masters of Business Administration from Regis University in Denver, Colorado.

Hal Flynn is a Threat Analyst at SecurityFocus, the leading provider of Security Intelligence Services for Business. Hal functions as a Senior Analyst, performing research and analysis of vulnerabilities, malicious code, and network attacks. He provides the SecurityFocus team with UNIX and Network expertise. He is also the manager of the UNIX Focus Area and moderator of the Focus-Sun, Focus-Linux, Focus-BSD, and Focus-GeneralUnix mailing lists.

Hal has worked the field in jobs as varied as the Senior Systems and Network Administrator of an Internet Service Provider, to contracting the United States Defense Information Systems Agency, to Enterprise-level consulting for Sprint. He is also a veteran of the United States Navy Hospital Corps, having served a tour with the 2nd Marine Division at Camp Lejeune, North Carolina as a Fleet Marine Force Corpsman. Hal is mobile, living between sunny Phoenix, Arizona and wintry Calgary, Alberta, Canada. Rooted in the South, he still calls Montgomery, Alabama home.

Ryan Permeh is a developer and researcher with eEye Digital Security. He works on the Retina and SecureIIS product lines and leads the reverse engineering and custom exploitation efforts for eEye’s research team. Ryan was behind the initial analysis of the CodeRed worm, and has developed many proof of concept exploits provided to vendors and the security community. Ryan has experience in NT, UNIX, systems and application programming as well as large-scale secure network deployment and maintenance. Ryan currently lives and works in sunny Orange County, California. Ryan would like to offer special thanks to Riley Hassel for his assistance in providing the Linux exploitation of a sample buffer overflow. He would also like to thank the rest of the eEye team, Greg Hoglund, and Ryan Russell, for the original foundation ideas included in his chapter.

Norris L. Johnson, Jr. (MCSE, MCT, CTT+, A+, Network +) is a technology trainer and owner of a consulting company in the Seattle-Tacoma area. His consultancies have included deployments and security planning for local firms and public agencies, as well as providing services to other local computer firms in need of problem solving and solutions for their clients. He specializes in Windows NT 4.0, Windows 2000, and Windows XP issues, providing planning, implementation, and integration services. In addition to consulting work, Norris provides technical training for clients and teaches for area community and technical colleges. He co-authored Configuring and Troubleshooting Windows XP Professional (Syngress Publishing, ISBN: 1-92899480-6), and performed technical edits on Hack Proofing Windows 2000 Server (ISBN: 1-931836-49-3) and Windows 2000 Active Directory, Second Edition (ISBN: 1-928994-60-1).

Norris holds a Bachelor’s degree from Washington State University. He is deeply appreciative of the support of his wife Cindy and three sons in helping to maintain his focus and efforts toward computer training and education.

Ido Dubrawsky (CCNA, SCSA) is a Network Security Engineer and a member of Cisco’s Secure Consulting Services in Austin, Texas. He currently conducts security posture assessments for clients as well as provides technical consulting for security design reviews. His strengths include Cisco routers and switches, PIX firewall, Solaris systems, and freeware intrusion detection systems. Ido holds a Bachelor’s and a Master’s degree from the University of Texas at Austin and is a member of USENIX and SAGE. He has written several articles covering Solaris security and network security for Sysadmin magazine as well as SecurityFocus. He lives in Austin, Texas with his family.

Robert Graham has been developing sniffers since 1990, where he wrote most of the protocol decodes for the ProTools protocol-analyzer, including real-time tools for password sniffing and Telnet session spying. Robert worked for Network General between 1994 and 1998 where he rewrote all of the protocol-decodes for the Sniffer protocol-analyzer. He founded Network ICE in 1998 and created the BlackICE network-sniffing intrusion detection system. He is now the chief architect at Internet Security Systems in charge of the design for the RealSecure IDS.

Steve Manzuik (MCP) was most recently a Manager in Ernst & Young’s Security and Technology Solutions practice specializing in profiling services.

Over the last ten years Steve has been involved in IT integration, support, and security. Steve is a published author on security topics, a sought after speaker and information security panelist and is the moderator of a full disclosure security mailing list, VulnWatch (www.vulnwatch.org). Steve also has acted as a Security Analyst for a world wide group of White Hat Hackers and Security Researchers, the BindView RAZOR Team.

Steve is a board member of the Calgary Security Professionals Information Exchange (SPIE) group, which is an information-sharing group of local security professionals from various private and government sectors. Steve has a strong background in Microsoft technologies and the various security issues surrounding them, and has successfully guided multiple organizations in securing Microsoft Windows NT hosts for use in a hostile environment. He lives in Calgary, Alberta, Canada with his wife Heather, son, Greyson and newborn daughter Hope.
