caddis

IRL Name:

Chris Spencer

Biography:

Accredited for finding numerous vulnerabilities for IBM Internet Security Systems;
while working on their team code named XFORCE.
Found buffer overflows in such applications as Sun Solaris's CDE (common desktop environment)
and HP's HP-UX printer daemon (rlpdaemon).
A previous speaker of Blackhat where in 2002 spoke on "Professional Source Code Auditing".

Facts

Part of ISS XFORCE

Spoke at Blackhat 2002

Rumors

Leaked radiusd exploit/bug early to TESO

Leaked opensshd skey exploit/bug early to TESO

References

http://www.iss.net/threats/advise101.html

http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html#Dowd

http://attrition.org/security/advisory/iss/iss.01-07-05.radius