Security Threat Analysis: Interview With Dino A. Dai Zovi

By Alan Dang
published

We sat down with Dino A. Dai Zovi, a security researcher focused on offensive security and former member of the Sandia National Laboratories' Information Design Assurance Red Team (the guys who test the security of national agencies). Check it out.

Introduction

In our continuing series on personal computing security, today we’re talking with Dino A. Dai Zovi. Three years ago, the organizers of CanSecWest started a contest titled Pwn2Own. This contest involved the challenge of exploiting fully-patched retail laptops. Hack the laptop and you’d win the machine as the prize. Dino A. Dai Zovi was the first person to take down a Mac during the first Pwn2Own. Last year and this year, Charlie Miller took the honor of taking down two fully patched Macs. Dino and Charlie are co-authors on the The Mac Hacker's Handbook.

Alan: Thank you for taking the time to chat with us. So, before we begin, why don't you tell a little bit about yourself? 

Dino: I am a computer security professional and independent security researcher. My professional experience spans penetration testing, software security auditing, and security management. I am a co-author of two books, the most recent being The Mac Hacker's Handbook with Charlie Miller. I often speak at security conferences about my security research on exploitation techniques, 802.11 wireless client security, and hardware virtualization-based rootkits. I focus on offensive security research because I believe that it is necessary to view systems as an attacker would in order to design more secure systems.

Alan: Is “offensive” security research what’s most commonly practiced now?

Dino: It is in the rarity of the computer security industry, and still considered “taboo” by many practitioners. While some conferences, such as the Black Hat Briefings and CanSecWest, have a large number of talks that discuss security weaknesses, the larger conferences such as the RSA Expo cover it significantly less.

Alan: I did not realize that distinction. Now it makes sense why Black Hat Briefings and CanSecWest always seems to have the most interesting and innovative work being presented. How did you get started in the security business?

Dino: I had begun teaching myself computer security in high school and had been doing some miscellaneous consulting work since then, mostly performing penetration tests for local and remote businesses. That wasn't enough to pay my way through college, so I also worked part-time as a Unix systems administrator. I kept focusing on security in school and at work, and eventually I began working as a contractor for a research lab performing security analysis for their Unix administration group. From there, I was also able to start working for their Red Team and was eventually hired into that group to perform Red Team security assessments for external organizations. After I had graduated from college, I moved to NYC and started working for @stake, the digital security consulting firm that was later purchased by Symantec.

Alan Dang
Topics
Security
25 Comments Comment from the forums
  • cruiseoveride
    Wonder why he didnt mention SELinux
    Reply
  • mrubermonkey
    If it were so easy to "take down the Internet" I am sure Iran or China would have done it by now, but the vagueness of his last answer does add to the mystic of his image.
    Reply
  • AlanDang
    Not really -- the black hats make money off the Internet -- it doesn't help them. By definition though, the risk is always about "taking down" a few IXP's or the +1 nodes.
    Reply
  • "Selectively granting privileges to enhanced functionality to Web sites is an area where most Web browsers can improve".

    They may not be core functions but everyone I know who is concerned with security on the Internet uses Firefow with the add-ins Noscript & Flashblock.
    Reply
  • vaskodogama
    mrubermonkeyIf it were so easy to "take down the Internet" I am sure Iran or China would have done it by now, but the vagueness of his last answer does add to the mystic of his image.I am from Iran, All the Iranian Goverment can do, is blocking porn and politics web sites! :D
    Reply
  • pcworm
    I'm also from Iran , come one, we still connect using bloody dial up, you guys cant be serious! although due to the "no copyright" law we can buy Windows, Mathlab, VS 2008 team System,office 2007 and a lot more for less than a dollar each...:-) you dont need broadband here cause piracy is official
    Reply
  • Gutbop
    Dino: I'm a die-hard Unix user and Mac OS X is the most convenient and functional Unix-based operating system that I have ever used. I can code in a traditional Unix environment, watch a DVD, and use Microsoft Office all on the same system. The system JUST WORKS and lets me get my job done.

    Ahahahaha. Really!? Are you kidding me? Did Apple pay you to say that?
    Reply
  • Gutbop
    Dino: I'm a die-hard Unix user and Mac OS X is the most convenient and functional Unix-based operating system that I have ever used. I can code in a traditional Unix environment, watch a DVD, and use Microsoft Office all on the same system. The system JUST WORKS and lets me get my job done.

    Ahahahaha. Really!? Are you kidding me? Did Apple pay you to say that?
    Reply
  • Gutbop
    Dino: I'm a die-hard Unix user and Mac OS X is the most convenient and functional Unix-based operating system that I have ever used. I can code in a traditional Unix environment, watch a DVD, and use Microsoft Office all on the same system. The system JUST WORKS and lets me get my job done.

    Ahahahaha. Really!? Are you kidding me? Did Apple pay you to say that?
    Reply
  • I am a Mac user as well. I also use many versions of Windows and Linux in VM. I am not a security expert or anything but why is everyone hung up on someone taking down the internet. Hackers use the net to make money or prove a point. I don't think they are going to shut the net down and hold it hostage, who would be forking over the money anyway. And if they did it to prove a point how would they ever get recognition for the task when all communication stops.
    Reply