I'm suggest to talk about more important subject. Why I thinking that David Matousec - liar and thief? And there is no place in scientific security community for people like him.
I'm suggesting to redistribute this information as you can.
David Matousec published a "new" advisory named it "KHOBE - 8.0 earthquake for Windows desktop security software
". The reality is -- there is nothing new. Moreover, this researches were stolen.
He were not lazy and created a new name for the thing that were know very long (veeeery long) before his article, wrote that he as k-rad security researcher and found a really new, critical problem. Found... Where? In the Google
? Is he stupid or thinks that other people are really stupid? Heh, I saw before that all "his" tests seems like written by students, that are under his lead. Maybe some of that students found a "yearly essay" in the Internet and just crossed up his "scientific adviser"? To publish researches made by other guy as his, researches that were made from 7 years (actual proof for NT-based systems, see below) to 14 years (1996 year
: theoretical, fundamental investigation
-- PDF, 64kb), and did not afraid to publish this to seclist (but what do you say about this article
, published on the same resource 7 years ago?), and did not forget to remind to all (including security vendors) that this "new" problem can be fixed, if they are will pay to him. Just pay to get access to the second and third part of the documentation... I'm advising to all vendors to get access for these parts absolutely for free. Just try to search in the Google the source name (not a "new" name from Matousec) of these type of attacks -- TOCTTOU
TOCTTOU flaws (TOCTTOU = time-of-check-to-time-of-use)
David Matousec stole his researches from this article
/ other link
(published 30 Dec 2003, about 7 years ago
: TOCTOU with NT System Service Hooking
: Andrey Kolishak <email@example.com> (Russian security researcher)
David Matousec did not published any sources or examples. Heh... They were published 7 years ago. By original researcher.
Please see here: TOCTOU with NT System Service Hooking Bug Demo
Here is more scientific researches for *nix systems (2005 year): PDF
(346 kb), with a pictures, schemes, calculations and so on.
Do not allow COMMERCIAL deceivers and thiefs to be in scientific security research community