In August 2002, Chris Paget published a paper on a design flaw in Windows XP, NT4.0 and 2000 which permitted privilege escalation and what became known as Shatter Attacks. Microsoft replied that it was an intended design, but issued a security patch before the end of the year. Windows Vista was designed to avoid the issue.
In 2004 Chris married a woman.
In 2006 Paget and a team was contracted by Microsoft to analyse the new Windows Vista for security bugs. They found more than Microsoft expected and the release date had to be put back several months. The team received special T-shirts signed by the Vice President of Windows Development that proclaimed: "I delayed Windows Vista".
Paget became the chief hacker at Recursion Ventures, which specializes in hardware security. In 2008 Chris was declared one of the top 15 people in computer security by eWeek magazine.
In 2009 Paget built a machine for $250 from surplus hardware that was able to read the numbers on RFID chips in passports and drivers licences from a passing car at distances of up to nine metres.
In 2010 Paget, who was by now Kristin, wrote on her blog:
"I’ve decided that it’s time to stop living to other people’s expectations / prejudices and live life on my own terms instead. What does that mean? ... Sure, I’m biologically male, but for a long time I’ve regarded myself as mentally female; I’ve come to the conclusion that it really doesn’t work for me to try to be one or the other. I value my ability to switch back and forth as my mood dictates, and that means that how I present myself to the world switches back and forth as well. Some days I want to wear a pretty dress and sparkly jewellery, other days I want to be big, male, and intimidating. Why commit to one or the other fulltime when I can have both?"The next year Paget transitioned. She and her wife made a trip to Las Vegas, and Kristin went through the TSA screening at the airport as a woman for the first time. This led her to realize:
- Whenever I felt like I had a choice, I was choosing to be a woman.
- Whenever I felt like I *had* to be male it upset me immensely – I truly hated it.
- If I could cope with TSA as a woman, I could cope with anything.
"Most of the people I see on a daily basis never knew Chris and completely accept me as Kristin; looking back it feels like I never really was Chris, I was just Kristin pretending to be a boy and doing a lousy job of it."However she did run into the problem that she was expected to divorce her wife.
The Non-Disclosure Agreement re Windows Vista expired and Kristin gave a presentation on the project at the Las Vegas Black Hat Hacking convention.
In 2012 Kristin was employed by Apple to work on its security.
*not the cricketer, nor the novelist.
- Foon (Chris Paget). "Exploiting design flaws in the Win32 API for privilege escalation. Or...Shatter Attacks - How to break Windows." 4 Sep 2006. Online at: http://web.archive.org/web/20060904080018/http://security.tombom.co.uk/shatter.html.
- "Hacker Chris Paget on RFID". Beat the Chip, February 6, 2009. http://beatthechip.blogspot.ca/2009/02/hacker-chris-paget-on-rfid.html.
- Robert McMillan. "Apple Hires Hacker Who Helped Save Windows From Security Hell". Wired, 12.05.12. www.wired.com/wiredenterprise/2012/12/apple-hires-hacker.
- Filip Truta. "Apple Hires World-Class Hacker Kristin Paget (Formerly Chris Paget)". Softpedia, December 6th, 2012. http://news.softpedia.com/news/Apple-Hires-World-Class-Hacker-Chris-Paget-312605.shtml.
- Iain Thomson. "Apple security team adds British white hat hacking talent". The Register, 6th December 2012. www.theregister.co.uk/2012/12/06/apple_hires_kristen_paget.
- Kristin Paget. "Hacking Gender", 3-Jan-10. "Gay Marriage and Gender Transition", 15-Jul-11. "Rebirthday", 23-May-13. Kristin Paget's Blog. www.tombom.co.uk/blog.
No comments:
Post a Comment
Comments that constitute non-relevant advertisements will be declined, as will those attempting to be rude. Comments from 'unknown' and anonymous will also be declined. Repeat: Comments from "unknown" will be declined, as will anonymous comments. If you don't have a Google id, I suggest that you type in a name or a pseudonym.