Need more? Try out  Advanced Search (20+ criteria)»

logo

Last Update

This profile was last updated on 5/20/2017 and contains contributions from the  Zoominfo Community.

is this you? Claim your profile.

Wrong Will Dormann?

Will Dormann

Vulnerability Analyst

CERT Coordination Center

HQ Phone:  (412) 268-5800

Direct Phone: (412) ***-****direct phone

Email: w***@***.org

GET ZOOMINFO GROW

+ Get 10 Free Contacts a Month

Please agree to the terms and conditions.

I agree to the  Terms of Service and  Privacy Policy. I understand that I will receive a subscription to ZoomInfo Grow at no charge in exchange for downloading and installing the ZoomInfo Contact Contributor utility which, among other features, involves sharing my business contacts as well as headers and signature blocks from emails that I receive.

THANK YOU FOR DOWNLOADING!

computers
  • 1.Download
    ZoomInfo Grow
    v sign
  • 2.Run Installation
    Wizard
  • 3.Check your inbox to
    Sign in to ZoomInfo Grow

I agree to the Terms of Service and Privacy Policy. I understand that I will receive a subscription to ZoomInfo Community Edition at no charge in exchange for downloading and installing the ZoomInfo Contact Contributor utility which, among other features, involves sharing my business contacts as well as headers and signature blocks from emails that I receive.

CERT Coordination Center

4500 Fifth Avenue

Pittsburgh, Pennsylvania,15213

United States

Company Description

CERT is an organization devoted to ensuring that appropriate technology and systems management practices are used to resist attacks on networked systems and to limiting damage and ensure continuity of critical services in spite of successful attacks, accidents... more

Find other employees at this company (170)

Web References(128 Total References)


CERT's Podcast Series: Speaker Biographies

www.cert.org [cached]

Will Dormann
Will Dormann has been a software vulnerability analyst with Carnegie Mellon Software Engineering Institute's CERT Coordination Center (CERT/CC) since 2004. His focus area includes web browser technologies, ActiveX, and fuzzing. Will has discovered thousands of vulnerabilities through the use of fuzzing tools and other techniques.


Who Makes the IoT Things Under Attack? - Krebs on Security

krebsonsecurity.com [cached]

Which is part of the problem, says Will Dormann, senior vulnerability analyst at the CERT Coordination Center (CERT/CC).
"Even when users are interested in and looking for this information, the vendor doesn't always make it easy," Dormann said. Dormann said instead of hard-coding credentials or setting default usernames and passwords that many users will never change, hardware makers should require users to pick a strong password when setting up the device. Indeed, according to this post from video surveillance forum IPVM, several IoT device makers - including Hikvision, Samsung, and Panasonic - have begun to require unique passwords by default, with most forcing a mix of upper and lowercase letters, numbers, and special characters. "As long as the password can't be reversed - for example, an algorithm based off of a discoverable tidbit of information - that would be a reasonable level of security. Dormann said. "When it comes to software updates, automatic updates are good," Dormann said. Tags: CERT Coordination Center, CERT/CC, IoT, IPVM, Mirai botnet, mirai source code leak, Will Dormann This entry was posted on Monday, October 3rd, 2016 at 4:17 pm and is filed under Other.


Warning: Your networking tools are weakening your web security | InfoWorld

www.infoworld.com [cached]

Will Dormann, a senior vulnerability analyst at CERT, echoed the researchers' warnings that inspection products frequently make poor security decisions, such as improperly verifying the server's certificate chain before re-encrypting and forwarding traffic, so clients don't know if they connected to the legitimate server.
Some products don't forward the results of the certificate-chain verification, so everyone thinks everything went smoothly even if there were issues with that session. Another common mistake was completing the connection to the target server before displaying the warnings, at which point an attacker can still modify or view the information. "Organizations using an HTTPS inspection product should verify that their product properly validates certificate chains and passes any warnings or errors to the client," Dormann wrote. "At the very least, system administrators could contact the vendors of SSL inspection software to have them confirm the proper configuration options and behaviors," wrote Dormann.


US-CERT, Author at Green Valley Consulting

www.greenvalleyconsulting.org [cached]

These vulnerabilities were reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann. This document was written by Will Dormann.


FOE Archives - Green Valley Consulting

www.greenvalleyconsulting.org [cached]

These vulnerabilities were reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann. This vulnerability was reported by Will Dormann of the CERT/CC. This document was written by Will Dormann. This vulnerability was reported by Will Dormann of the CERT/CC. This document was written by Will Dormann. These vulnerabilities were reported by Will Dormann of the CERT/CC. This document was written by Will Dormann.


Similar Profiles

city

Browse ZoomInfo's Business
Contact Directory by City

city

Browse ZoomInfo's
Business People Directory

city

Browse ZoomInfo's
Advanced Company Directory