Jeff Forristal, CTO, Bluebox Security – A major Android vulnerability that could allow an attacker to hijack any legitimate app without modifying its digital signature was disclosed by Forristal in July. The CTO eventually went on to present on the “master key” flaw in detail at the Black Hat conference, where he revealed that other Android flaws existed which gave miscreants similar “master key” privileges.
Journalist Glenn Greenwald broke the Edward Snowden story in The Guardian. His investigations into the NSA whistleblower's revelations have unearthed truths the public was not aware of and that are fundamental to the privacy/security debate. His probing into government secrets and challenge of authority in the face of what he terms “a sustained and unprecedented attack on press freedoms and the news gathering process in the U.S.” have rewarded a global audience keen to know what the U.S. government is doing in secret in the name of protecting national security.
Marcia Hofmann, attorney, special counsel to the Electronic Frontier Foundation – Each year, a multitude of security researchers find vulnerabilities in popular products and technological platforms, often sharing their findings with the community via conferences like Black Hat and DefCon. While they may be pushing boundaries and producing amazing work, there are extremely sensitive legal situations they must navigate. Thankfully, there are attorneys like Marcia Hofmann ready to be their guide. Her work in advising researchers and representing them in court was a standout this year.
Alex Holden, CISO, Hold Security – Following a massive breach at Adobe, the CISO, along with security journalist Brian Krebs, aided the company in responding to the incident, which exposed the personal data of about 38 million customers. The duo also found that the Adobe attackers struck other entities, including LexisNexis, the National White Collar Crime Center and PR Newswire.
Avivah Litan, VP and distinguished analyst, Gartner – In a year that's been marked by endless cyber assaults on financial institutions, Avivah Litan disclosed information on a massive attack that didn't initially make headlines. While bank accounts are constantly targeted by miscreants, Litan was the first to share information on an attack method that took over the wire payment switch at several U.S. banks, allowing thieves to siphon millions from their choice accounts.
Karsten Nohl – After three years of research, Nohl, founder of Berlin-based Security Research Labs, said in July that his company had finally found a way to surreptitiously crack mobile SIM cards. That vulnerability affects millions of cell phone users by allowing attackers to locate the device, send texts and make phone calls to any number.