David Litchfield
David Litchfield is a renowned security expert from the United Kingdom who specialises in the discovery and publication of computer security vulnerabilities, particularly in database server software. Information Security Magazine voted him "The World's Best Bug Hunter" for 2003.

Litchfield has found hundreds of vulnerabilities in many popular products, the most notable of which were in products by Microsoft, Oracle and IBM. At the Black Hat Security Briefings in July 2002 he presented exploit code to demonstrate a buffer overflow vulnerability he had discovered in Microsoft's SQL Server 2000. Six months later, on the 25th of January 2003, persons unknown used this code as the template for the SQL Slammer Worm.

After several years in vulnerability research, Litchfield moved into Oracle forensics and has documented how to perform a forensic analysis of a compromised database server in a series of white papers, Oracle Forensics Parts 1 to 6. He is in the process of researching and developing an open source tool called the Forensic Examiner's Database Scalpel (F.E.D.S).

Litchfield founded a company named Cerberus Information Security, which was acquired by @stake in July 2000. A year and a half later he founded Next Generation Security Software with five colleagues from @stake. He is the author of various software packages and of many technical documents on security issues. He is the author of the Oracle Hacker's Handbook and a co-author of the Database Hacker's Handbook, the Shellcoder's Handbook and SQL Server Security. He was also a contributing author for Special Ops.

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 