Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:27 AM
Connect Directly

Ranking Bugs, Saving Pigs

The man behind the SANS Top 20, Rohit Dhamankar, calls out bugs - and animal rights

His first hack may have been his most fortuitous: Rohit Dhamankar and his classmates in India had to hack into and use their engineering professors' email so they could apply to graduate schools in the U.S. "We didn't have email back then," he says of he and the other students at the Indian Institute of Technology in Kanpur who switched their names onto the accounts. "So we got into our professors' email accounts so we could send email. Some of them had never used email before, so they weren't checking it regularly."

Figure 1:

This is the same guy who today is responsible for choosing and ranking the world's top security vulnerabilities each week (as well as yearly) for the SANS Institute, and whose day job is senior manager of security research at TippingPoint. His desperate email crack back home in India landed him at the University of Texas at Austin, where he eventually switched from physics to electrical engineering. He got his first job in 1999 with Cisco Systems, where he worked as a software developer on intrusion detection and scanner products.

Dhamankar, 32, admits the SANS vulnerability list he compiles doesn't change drastically from week to week. About every six months, however, he witnesses a shift in the types of attacks underway. He's watched bug trends go from pervasive worms to phishing and spyware, and to client-side vulnerabilities in applications like Microsoft Office, he says.

Being the final word on vulnerability rankings isn't always a popular job, like the time in 2005 when he decided to put the MacOS on the SANS Top 20 list, a gutsy move that ticked off some rabid Mac users who cursed him and SANS publicly for calling out their beloved OS. But Dhamankar still stands by his then-controversial choice because he says he felt it was time MacOS users became aware of the bugs in the OS.

He thinks SANS' ranking system works, although it ultimately comes down to him to make the final call. Dhamankar sends out his strawman list to a panel of experts from enterprises, universities, security consultants, and vendors, who all put their heads together. "We seek out other users and ask if the list is useful to them," he says. "Nobody says 'you guys suck.'"

There is some overlap with his work at TippingPoint. Dhamankar basically manages the security research team responsible for TippingPoint's intrusion prevention systems. They analyze new vulnerabilities and attacks, and write signatures for the company's IPS products.

When he's not analyzing and ranking bugs, Dhamankar sings. He takes classical South Indian music vocal lessons and, from time to time, performs around Austin, where he's stayed since leaving India for UT. "I help promote the Indian classical music scene," he says. He also works with a battered women's organization. "These are women from ethnic backgrounds that come to the U.S. and are not treated well by their husbands."

Vulnerability is a theme with Dhamankar, for sure: He's also an animal lover, who wears a PETA t-shirt to work with a picture of a pig and "I Don't Have ANY Spare Ribs" emblazoned on it. Why People for the Ethical Treatment of Animals (PETA)? "There's the same problem with pigs and cows" and other animals being mistreated as there are with dogs and cats, he says. "Growing up in India, there were places where cows were in the cowshed, and they were very loving and intelligent, too." He witnessed cows who would only allow people they were familiar with to milk them, for instance.

Animal rights and security work sometimes mix, sometimes not, he says. "There are some people in the security industry that are like me, PETA supporters," he says. "And there are lot [who are not], with dark t-shirts, colored hair, and eating a lot of meat," he adds with a laugh.

Personality Bytes

  • What freaks him out: "We see a lot attacks come out of China, which freaks me out... They are going for all different kinds of attacks. It's kind of scary when you don't know what they are up to."

  • IDS dead?: "I do believe that technology is past its time. You should move to IPS now."

  • Phobia: "Hydrophobia. I've always had a fear of water, but I'm trying to get over it, taking swimming lessons. You see those kids at the pool out there, and you're petrified to go out into the deep and tread water. It's one of my challenges."

  • What his co-workers don't know about him: "They haven't heard my singing."

  • Favorite hangout: "Mozart's. It's right by the lake in Austin... a coffee place with live bands."

  • In his music player right now: "Indian classical music, but I'm trying to broaden my music range."

  • Comfort food: "Thai, Chinese, Indian, Italian."

  • Ride: "Honda Civic. It's a stick shift, nothing fancy."

  • Best Friend: "l love my dog -- Lance, an eight-year-old German Shepherd."

  • Next career: "I do hope someday to make enough money to retire and full-time work on learning music, and propagating that, and working more with nonprofits."

    — Kelly Jackson Higgins, Senior Editor, Dark Reading

  • TippingPoint Technologies Inc.
  • The SANS Institute
  • Cisco Systems Inc. (Nasdaq: CSCO) Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 8/3/2020
    'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
    Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
    Average Cost of a Data Breach: $3.86 Million
    Jai Vijayan, Contributing Writer,  7/29/2020
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-08-05
    Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.
    PUBLISHED: 2020-08-04
    In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipm...
    PUBLISHED: 2020-08-04
    Extreme Analytics in Extreme Management Center before allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
    PUBLISHED: 2020-08-04
    save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
    PUBLISHED: 2020-08-04
    An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.