Twitter has been collecting a lot of security talent in the last year or so, but now a major piece of the company’s security team is leaving. Moxie Marlinspike, the creative security and privacy researcher who founded Whisper Systems, which was acquired by Twitter in 2011, said on Friday that he is leaving the company.
Marlinspike is one of the more well-respected and innovative minds in the security community and his departure from Twitter leaves the company with some big shoes to fill. Known in security and privacy circles for his research on SSL issues and certificate authority weaknesses, Marlinspike has been involved with a number of interesting projects in recent years.
In 2009 he introduced a new tool called SSLStrip that enabled users to hijack HTTP sessions and redirect supposedly secure HTTPS sessions to other routers, intercepting the traffic. Later, he developed Convergence, a system designed as a replacement for the existing CA infrastructure, which relies on a series of distributed trust notaries and lets users decide who to trust and when to revoke that trust. He also debuted a tool last summer called ChapCrack that is capable of cracking certain cryptographic passwords.
In a message posted on Twitter, Marlinspike said today would be his last day at the company and later said that he would be taking some time off to relax.
“Today is my last day working at Twitter. I’ve learned a lot here over the past year, and have worked with some great people. Farewell!” Marlinspike said.
While Marlinspike’s departure is a blow to the company’s security team, Twitter still has a pretty deep bench of security talent. In September, Charlie Miller joined Twitter’s security team, working directly under Marlinspike. Miller, best known for his research on Apple security, has said little about the kind of projects he’s working on at Twitter, but the company has been addressing a number of security and privacy issues in the last few months.
Moxie image via Andrew M. Freed.