

4/19/2007
09:27 AM

Ranking Bugs, Saving Pigs

The man behind the SANS Top 20, Rohit Dhamankar, calls out bugs - and animal rights

His first hack may have been his most fortuitous: Rohit Dhamankar and his classmates in India had to hack into and use their engineering professors' email so they could apply to graduate schools in the U.S. "We didn't have email back then," he says of himself and the other students at the Indian Institute of Technology in Kanpur who switched their names onto the accounts. "So we got into our professors' email accounts so we could send email. Some of them had never used email before, so they weren't checking it regularly."


This is the same guy who today is responsible for choosing and ranking the world's top security vulnerabilities each week (as well as yearly) for the SANS Institute, and whose day job is senior manager of security research at TippingPoint. His desperate email crack back home in India landed him at the University of Texas at Austin, where he eventually switched from physics to electrical engineering. He got his first job in 1999 with Cisco Systems, where he worked as a software developer on intrusion detection and scanner products.

Dhamankar, 32, admits the SANS vulnerability list he compiles doesn't change drastically from week to week. About every six months, however, he witnesses a shift in the types of attacks underway. He's watched bug trends go from pervasive worms to phishing and spyware, and to client-side vulnerabilities in applications like Microsoft Office, he says.

Being the final word on vulnerability rankings isn't always a popular job, like the time in 2005 when he decided to put the MacOS on the SANS Top 20 list, a gutsy move that ticked off some rabid Mac users who cursed him and SANS publicly for calling out their beloved OS. But Dhamankar still stands by his then-controversial choice because he says he felt it was time MacOS users became aware of the bugs in the OS.

He thinks SANS' ranking system works, although it ultimately comes down to him to make the final call. Dhamankar sends out his strawman list to a panel of experts from enterprises, universities, security consultants, and vendors, who all put their heads together. "We seek out other users and ask if the list is useful to them," he says. "Nobody says 'you guys suck.'"

There is some overlap with his work at TippingPoint. Dhamankar basically manages the security research team responsible for TippingPoint's intrusion prevention systems. They analyze new vulnerabilities and attacks, and write signatures for the company's IPS products.

When he's not analyzing and ranking bugs, Dhamankar sings. He takes classical South Indian music vocal lessons and, from time to time, performs around Austin, where he's stayed since leaving India for UT. "I help promote the Indian classical music scene," he says. He also works with a battered women's organization. "These are women from ethnic backgrounds that come to the U.S. and are not treated well by their husbands."

Vulnerability is a theme with Dhamankar, for sure: He's also an animal lover, who wears a PETA t-shirt to work with a picture of a pig and "I Don't Have ANY Spare Ribs" emblazoned on it. Why People for the Ethical Treatment of Animals (PETA)? "There's the same problem with pigs and cows" and other animals being mistreated as there are with dogs and cats, he says. "Growing up in India, there were places where cows were in the cowshed, and they were very loving and intelligent, too." He witnessed cows who would only allow people they were familiar with to milk them, for instance.

Animal rights and security work sometimes mix, sometimes not, he says. "There are some people in the security industry that are like me, PETA supporters," he says. "And there are a lot [who are not], with dark t-shirts, colored hair, and eating a lot of meat," he adds with a laugh.

Personality Bytes

  • What freaks him out: "We see a lot of attacks come out of China, which freaks me out... They are going for all different kinds of attacks. It's kind of scary when you don't know what they are up to."

  • IDS dead?: "I do believe that technology is past its time. You should move to IPS now."

  • Phobia: "Hydrophobia. I've always had a fear of water, but I'm trying to get over it, taking swimming lessons. You see those kids at the pool out there, and you're petrified to go out into the deep and tread water. It's one of my challenges."

  • What his co-workers don't know about him: "They haven't heard my singing."

  • Favorite hangout: "Mozart's. It's right by the lake in Austin... a coffee place with live bands."

  • In his music player right now: "Indian classical music, but I'm trying to broaden my music range."

  • Comfort food: "Thai, Chinese, Indian, Italian."

  • Ride: "Honda Civic. It's a stick shift, nothing fancy."

  • Best Friend: "I love my dog -- Lance, an eight-year-old German Shepherd."

  • Next career: "I do hope someday to make enough money to retire and full-time work on learning music, and propagating that, and working more with nonprofits."

    — Kelly Jackson Higgins, Senior Editor, Dark Reading

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
     
