About

Arne Vidstrom is a Swedish IT security expert with over 20 years of experience. He's been a computer security engineer at the largest Swedish telecom operator, Telia, and an IT security researcher at the Swedish Defense Research Agency.

During the years he's worked with application security testing, security code reviews, penetration testing, security configuration reviews, security training, computer forensics, applied cryptanalysis, reverse engineering for both malware analysis and vulnerability research, SCADA security, security testing of network and telecommunications equipment, security tool development (both offensive and defensive), a bit of security monitoring and incident response, web security, exploit development, and more.

Arne is an electrical engineer and has a BSc in mathematics with a minor in information systems. His bachelor thesis was on coding theory. He also has an MSc in biology (behavioral biology, evolutionary psychology, evolutionary game theory, and neurobiology). In addition, Arne has taken university courses in business development, accounting, managerial accounting, business law, international business law, IT law, labor law, and administrative law.

He's also the technical editor of the McGraw-Hill Osborne Media book Windows Security Portable Reference

Vulnerabilities he has found and published

CVE-2013-0700 - Siemens SIMATIC S7-1200 industrial controller vulnerabilities

BID 55558 (2012) - McAfee Application Control whitelisting file execution vulnerability

BID 55554 (2012) - SE46 application whitelisting file execution vulnerability

CVE-2007-1194 - Norman Sandbox Analyzer vulnerability

CVE-2005-1578 - EnCase Forensic Edition vulnerability

BID 13611 (2005) - Ibas ExpertEraser improper disk wipe vulnerability

CVE-2001-0006 - Windows NT 4.0 winsock mutex vulnerability

CVE-2000-0121 - Windows 2000 and Windows NT 4.0 recycle bin vulnerability (credit shared with Nobuo Miwa)

CVE-2000-0116 - Check Point Firewall-1 vulnerability

CVE-2000-0089 - Windows NT 4.0 Terminal Server Edition RDISK vulnerability

CVE-1999-0839 - Windows NT 4.0 Task Scheduler vulnerability (credit shared with Svante Sennmark)

CVE-1999-0752 - Netscape Enterprise Server SSL handshake vulnerability

Plus a number of old vulnerabilities in lesser known products: CVE-2002-0222, CVE-2002-0139, CVE-2001-1281, CVE-2001-1280, CVE-2000-0016, CVE-1999-1535, CVE-1999-1500, CVE-1999-1236, CVE-1999-0776, CVE-1999-0219, CVE-1999-0079

Books mentioning his tools or vulnerabilities he has found


Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses
Hacking Exposed 7: Network Security Secrets and Solutions
Hacking Exposed Windows: Microsoft Windows Security Secrets And Solutions
Anti-Hacker Tool Kit, Fourth Edition
Network Security: A Hacker’s Perspective
Hacking Exposed 5th Edition: Network Security Secrets And Solutions
Ethical Hacking and Countermeasures: Attack Phases
Hacker's Challenge 3: 20 Brand New Forensic Scenarios & Solutions
Malware Forensics: Investigating and Analyzing Malicious Code
Penetration Testing: Security Analysis
Ethereal Packet Sniffing
Implementing Database Security and Auditing
Hacking Exposed, Windows Server 2003
Information Security Management Handbook, Fifth Edition
Professional Windows Desktop and Server Hardening
Windows Forensics
Windows Server 2003 Security Infrastructures
Web Security Pocket Reference
The Hacker's Handbook
Secrets of Computer Espionage: Tactics and Countermeasures
Hacking for Dummies
HackNotes Windows Security Portable Reference
Managing A Network Vulnerability Assessment
Special Ops: Host and Network Security
Windows XP Professional Security
Hacking Exposed Web Applications
Writing Secure Code
The art of deception
Hacking Exposed, 2nd edition
Hacking Exposed Windows 2000
Building Internet Firewalls, 2nd edition
Hackers Beware: Defending Your Network From The Wiley Hacker
Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses
Anti-Hacker Tool Kit
Microsoft Application Center 2000 Resource Kit
Steal This Computer Book 3: What They Won't Tell You About the Internet
Testing Web Security: Assessing the Security of Web Sites and Applications
Scene of the Cybercrime: Computer Forensics Handbook
Investigative Data Mining for Security and Criminal Detection
Incident Response: Computer Forensics Toolkit