Alexander Peslyak's bio

I originally wrote the following text (or rather an older revision of it) on request from an Openwall client company, such that they could make their prospective client aware of who would be doing the security work on a specific project, and the text was reused in a similar fashion on several occasions. This is why I wrote it in third person, and this is why I keep it written that way. I generally prefer to write about things I do (with all the technical detail) rather than about myself, which makes me a bit uncomfortable to specifically list my achievements, but doing so is needed for the business side of things. This is a bio, not a résumé. I have intentionally omitted things such as my skills, programming languages I “speak”, and so on. I am not looking for a job (and I have never been - instead, jobs would find me on their own); however, I may be interested in specifically-relevant contracts for Openwall, with ability to get the most appropriate people on our team involved. - solar

Alexander Peslyak, better known as Solar Designer, has been professionally involved in computer and network security since 1997, and he has been professionally developing software long before that. Alexander is an Open Source software author & team leader at Openwall Project and Openwall GNU/*/Linux, computer security expert, Founder & CTO at Openwall, Inc. - a professional services company with clients primarily in the US, member of informal and semi-formal computer security communities.

Alexander has presented on computer security and Open Source software topics at international conferences (HAL2001, NordU, FOSDEM, CanSecWest), served as the technical reviewer for a novel computer security book (Michal Zalewski's Silence on the Wire) and wrote the foreword for it. He is recognized in the “security community” primarily for the security tools (software) released to the public under liberal Open Source licenses, and for many contributions to other popular Open Source software (primarily Linux and related applications).

The vastly incomplete timeline is roughly as follows:

2008 - present

Advisory board member at oCERT (Open Source Computer Emergency Response Team), co-founder at oss-security (Open Source Software security initiative aimed at bringing cross-vendor coordination for publicly known vulnerabilities and post-disclosure discussions to public view).

2003 - present

Founder & CTO at Openwall, Inc. - a professional services company providing computer security consulting, security audits (systems and software), remote systems/security administration, software development (primarily Open Source with a focus on security), and related services.

2000 - present

Team leader at Openwall GNU/*/Linux - a security-enhanced operating system with Linux and GNU software as its core.

1999 - present

Founder and leader at Openwall Project, the primary focus of which is in development of information security related free software, information security research, publications, and community activities aimed at making existing free software safer to use.

(The development of some of the software released and maintained under Openwall Project started in 1996.)

1997 - present

Information security consultant at DataForce ISP.

1999 - 2001

Information security consultant at OXIR Internet Solutions, Inc.

1996 - 1999

Own Unix/Linux related software development and security projects, prior to “formally” starting the Openwall Project along with others on the team.

In a previous life:

1996 - “software protection” (anti-piracy) development under contract with Fukuoka Soken, Inc.

1994-1996 - software developer at Infort, JSC (developed a generic GUI toolkit capable of running on inexpensive pre-Windows PCs, which was used in the company's economics simulator “business game” sold to educational institutions)

1994-1996 - somewhat active on the demoscene and amateur computer networks

1992-1994 - software developer at NefteIntens, Ltd. (participated in implementing mathematical models of oil recovery processes such as hydraulic fracturing, created commercial-grade menu-driven user interfaces for said implementations, participated in migration and semi-automated translation of legacy software from mainframes/Fortran to PCs and contemporary development environments)

1989-… - assorted computer programming on various platforms (hobbyist)

1977 - Alexander was born ;-)

Selected achievements relevant to the “current life”:

1996-present - developed John the Ripper password cracker, which was the 10th most popular security tool out there according to an independent study conducted in 2006, and the first most popular of its kind (cross-platform and Unix password crackers); the homepage has exceeded 21 million hits

2007,2008 - the world's most deployed “web applications” (forum, blog, CMS “engines”) - phpBB3, WordPress (bbPress), Drupal - have chosen to adopt password security enhancements developed by Alexander

2000-2007 - many pieces of software originally developed for Openwall GNU/*/Linux got integrated into other major Unix-like operating systems, including major (and minor) Linux distributions, FreeBSD, and OpenBSD

2000,2001 - researched Secure Shell (SSH) vulnerability to timing analysis attacks (with Dug Song)

1999,2000 - came up with the first generic heap-based buffer overflow exploitation technique (disclosed to Netscape/AOL in 1999, won their “Bug Bounty”, public in 2000)

1999,2000 - analyzed and "broke" the cryptographic aspects of Cisco's TACACS+ protocol (disclosed to Cisco in 1999, public in 2000)

1997 - published the very first "return-into-libc" style buffer overflow exploits

1997 - enhanced the Linux kernel (2.0.x at the time) with non-execution memory protections for the first time, inspired by Casper Dik's patch for Solaris/SPARC - then others proceeded to make more elaborate patches for Linux, more elaborate changes were incorporated into OpenBSD, and many years later similar techniques even got into official Windows releases

1997 - published the very first Windows buffer overflow exploit

Some information is also available on Alexander's LinkedIn page.

There's a Wikipedia page on me, which I don't dare to edit myself. Someone so inclined could want to complete it with some of the information available above. - solar

Back to Alexander's pseudo homepage.