About

I'm Arne Vidstrom, a security specialist based in Karlstad, Sweden. Before starting my own business at the turn of 2018/2019, I was an IT security researcher at the Swedish Defense Research Agency. Before that, I was a computer security engineer at the largest Swedish telecom operator, Telia.

During my 20+ years in the industry, I've worked with: application security testing, security code reviews, penetration testing, security configuration reviews, security training, computer forensics, applied cryptanalysis, reverse engineering for both malware analysis and vulnerability research, SCADA security, security testing of network and telecommunications equipment, security tool development (both offensive and defensive), web security, exploit development, a bit of security monitoring and incident response, and more.

I'm an electrical engineer, and I have a BSc in mathematics with a minor in information systems. My bachelor thesis was on mathematical coding theory. I also have an MSc in biology (focusing on behavioral biology, evolutionary psychology, evolutionary game theory, and neurobiology). In addition, I've taken university courses in business development, accounting, managerial accounting, business law, international business law, IT law, labor law, and administrative law.

I'm the technical editor of the McGraw-Hill Osborne Media book Windows Security Portable Reference, and I also write books myself, published under the Vidstrom Labs imprint.

Vulnerabilities I've found and published

CVE-2013-0700 - Siemens SIMATIC S7-1200 industrial controller vulnerabilities

BID 55558 (2012) - McAfee Application Control whitelisting file execution vulnerability

BID 55554 (2012) - SE46 application whitelisting file execution vulnerability

CVE-2007-1194 - Norman Sandbox Analyzer vulnerability

CVE-2005-1578 - EnCase Forensic Edition vulnerability

BID 13611 (2005) - Ibas ExpertEraser improper disk wipe vulnerability

CVE-2001-0006 - Windows NT 4.0 winsock mutex vulnerability

CVE-2000-0121 - Windows 2000 and Windows NT 4.0 recycle bin vulnerability (credit shared with Nobuo Miwa)

CVE-2000-0116 - Check Point Firewall-1 vulnerability

CVE-2000-0089 - Windows NT 4.0 Terminal Server Edition RDISK vulnerability

CVE-1999-0839 - Windows NT 4.0 Task Scheduler vulnerability (credit shared with Svante Sennmark)

CVE-1999-0752 - Netscape Enterprise Server SSL handshake vulnerability

Plus a number of vulnerabilities in lesser known products: CVE-2002-0222, CVE-2002-0139, CVE-2001-1281, CVE-2001-1280, CVE-2000-0016, CVE-1999-1535, CVE-1999-1500, CVE-1999-1236, CVE-1999-0776, CVE-1999-0219, CVE-1999-0079

Books mentioning my tools or vulnerabilities I've found


Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses
Hacking Exposed 7: Network Security Secrets and Solutions
Hacking Exposed Windows: Microsoft Windows Security Secrets And Solutions
Anti-Hacker Tool Kit, Fourth Edition
Network Security: A Hacker’s Perspective
Hacking Exposed 5th Edition: Network Security Secrets And Solutions
Ethical Hacking and Countermeasures: Attack Phases
Hacker's Challenge 3: 20 Brand New Forensic Scenarios & Solutions
Malware Forensics: Investigating and Analyzing Malicious Code
Penetration Testing: Security Analysis
Ethereal Packet Sniffing
Implementing Database Security and Auditing
Hacking Exposed, Windows Server 2003
Information Security Management Handbook, Fifth Edition
Professional Windows Desktop and Server Hardening
Windows Forensics
Windows Server 2003 Security Infrastructures
Web Security Pocket Reference
The Hacker's Handbook
Secrets of Computer Espionage: Tactics and Countermeasures
Hacking for Dummies
HackNotes Windows Security Portable Reference
Managing A Network Vulnerability Assessment
Special Ops: Host and Network Security
Windows XP Professional Security
Hacking Exposed Web Applications
Writing Secure Code
The art of deception
Hacking Exposed, 2nd edition
Hacking Exposed Windows 2000
Building Internet Firewalls, 2nd edition
Hackers Beware: Defending Your Network From The Wiley Hacker
Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses
Anti-Hacker Tool Kit
Microsoft Application Center 2000 Resource Kit
Steal This Computer Book 3: What They Won't Tell You About the Internet
Testing Web Security: Assessing the Security of Web Sites and Applications
Scene of the Cybercrime: Computer Forensics Handbook
Investigative Data Mining for Security and Criminal Detection
Incident Response: Computer Forensics Toolkit