The surprising truth about the female history student who “hunts” 9 security holes of American corporations
Le My Quynh (24 years old)
-The valedictorian of the Institute of Cryptography in 2021.
– Scholarship for information security students in the Vietnam Posts and Telecommunications Group for 3 consecutive academic years from 2018-2021.
Full scholarship to study abroad in Russia.
– Find out 9 serious errors from products of Oracle technology corporation (USA) while studying at university.
– 1 in 10 typical faces of the Capital in 2021.
– Delegate of the Vietnam Women’s Knowledge Association participating in the 13th National Congress of Women’s Deputies.
For Le My Quynh, History has helped her tend to find out the source of all problems in life and work, before handling a problem, including finding security holes.
Specializes in History but likes technology
– Reporter: Hello Quynh, what fate brought you to the technology school despite being a history professional?
Le My Quynh: I chose to specialize in History because History helps me develop my good memory. Usually those who study History will choose social schools, but I don’t like Literature. My principled and practical personality, plus the fact that my father is an alumnus of technology, made me choose a university in this field.
– Reporter: Switching to studying technology, how did history help Quynh during her university years?
Le My Quynh: Learning History is an important factor that helps me shape my personality and train my memory. History is a subject that emphasizes the formation of things, so pursuing this subject helps me tend to understand the origin of all problems in life as well as work, before dealing with any problem. including finding security holes.
– Reporter: What made you choose to enter the Institute of Cryptography even though there are many technology schools?
Le My Quynh: The first is because my father is also an alumnus here. Moreover, I researched the universities’ scholarships to study abroad and found that the Cryptographic Institute of Technology has a full scholarship to Russia with a very interesting program. I entered the Academy with the desire to win a scholarship so that I could study in a field of my choice and reduce the financial burden on my parents.
– Reporter: So how was your scholarship application?
Le My Quynh: As expected, I got good grades and successfully won a full scholarship to study abroad in Russia.
My Quynh won a scholarship to study abroad in Russia but decided to give up and stay in Vietnam to complete her study program.
– Reporter: As far as I know, you have not studied abroad yet, have you given up on your desire to study abroad?
Le My Quynh: I did not give up my desire to study abroad, but put it off. I have carefully calculated this process and asked for more experience from some of the previous international students. If I choose to go to Russia, I have to study the language for a year, a preparatory year, and then study 5 more years at university. Taking 7 years with a program that is nothing new compared to the Institute of Cryptography, practical internship opportunities are also scarce. So I chose to stay, completing my engineering program at the Institute of Cryptographic Engineering.
The thorny journey of ‘hunting’ 9 holes
– Reporter: You are famous for having in your hand a collection of 9 security holes of Oracle technology corporation, so when did you start “hunting” these vulnerabilities?
Le My Quynh: I started hunting holes when I was intern at VNPT’s Information Security Center in year 3. I was responsible for finding vulnerabilities in the company’s technology products and customers’ use. Every day I devote all my time and effort to this, one day I am passionate about working until 2, 3 am.
– Reporter: What difficulties do you face when finding security holes?
Le My Quynh: To find a loophole I had a lot of trouble. At the beginning, I did not study specialized subjects, did not have basic knowledge, had to stay up all night to read documents, read research articles 10 or 20 times, unable to understand.
I spent almost a year just reading and researching the patches you found earlier. There were times when I was under pressure, doubting my ability when it took a lot of time and effort to search, but halfway through, I couldn’t find the error, had to quit.
– Reporter: When did you first discover the vulnerability? How did you feel at that time?
Le My Quynh: I discovered the first vulnerability at the end of 2019, after two months of reading and writing code continuously. That time was on the 29th of Tet, preparing to enter 2020.
After discovering the vulnerability, I made a file and sent it to Oracle technology corporation to wait for people to evaluate and acknowledge my discovery. In a month of waiting for people to respond, I was quite nervous, a little worried that the error I found was not a flaw, or that someone had found it before me.
Fortunately, in early February 2020, the first vulnerability I found was recognized. I was quite happy, somewhat excited because two months of staying up at night were not wasted.
– Reporter: After the first hole, what experience did you draw for the next search?
Le My Quynh: After discovering the first vulnerability, I had the experience of reading and finding bugs faster and then molded myself into a vulnerability process to apply evenly to the following bugs. The next holes I saved a lot of effort, at times two weeks in a row I found two vulnerabilities.
In 3 years Quynh found 9 security holes of an American technology corporation.
– Reporter: How many holes have you found so far?
Le My Quynh: From 2019 to July 2021, I discovered 9 Oracle vulnerabilities. Most of the vulnerabilities I exploit are related to the Java Deserialization mechanism, a malicious attack on the Java programming language platform. Once successfully attacked, this vulnerability can have unpredictable consequences.
Of the 9 vulnerabilities I discovered, 6 were rated as severe. In the two years 2020 and 2021, I was continuously honored by Oracle with my “collection” of vulnerabilities, receiving a bonus of 10,000 USD (about 230 million VND).
Future plans
– Reporter: Starting to work and finding gaps from the 3rd year of university, how do you balance studying and working?
Le My Quynh: I both want to be good at practice and firmly in theory, so I determine that studying is the main task, but getting work experience is equally important.
I work all day and go to school from 18 to 21:30, so I am extremely busy. Fortunately, after studying hard, I graduated with a score of 3.5/4, becoming the top valedictorian of the school.
My Quynh believes that the technology industry is not only for men, every girl with passion can try.
– Reporter: Knowing that you have been selected as one of the 10 young faces of the Capital in 2021, and as a representative of the Vietnam Women’s Knowledge Association participating in the 13th National Congress of Women’s Deputies, you can Share a little about your feelings?
Le My Quynh: At the time of making the application, I did not think I was selected, for me the people who were selected were those who made great contributions and were influential. When my name was called, I felt very surprised, happy and somewhat proud.
When I was fortunate enough to become a representative of the Vietnamese Women’s Knowledge Association, to participate in the 13th National Congress of Women’s Deputies, I was a bit strange, but also very honored. This is the last job I participated in before planning to study abroad.
For me, knowledge goes hand in hand with economic work, so when participating in the Congress, I want to inspire you, especially women. You must always cultivate knowledge because this is the core value for comprehensive self-development.
People often look at my work and assume that only men can do it. Participating in the 13th National Congress of Women’s Deputies is the time when I prove to everyone that although girls are weaker in health, it doesn’t mean that we can’t do jobs that require high intellectual and analytical skills. .
– Reporter: You said you plan to go abroad, can you share a bit about this trip?
Le My Quynh: After 3 years as a penetration tester and information security analyst at VNPT Cyber Immunity, I decided to quit my job. I feel that I have enough practical experience in the country, so I plan to study abroad.
When my parents heard that I wanted to go abroad, they respected this decision. So these days I put off hunting holes to spend more time with family and friends before making my own plans.
– Reporter: Have you planned to go to any country? And if you go, when will you return to Vietnam?
Le My Quynh: I’m still in the process of choosing which country I want to visit. If going abroad to study, it may take 1 to 2 years. I want to study and try at a certain technology company before going back to my hometown. Vietnam is still a place where I want to develop my career.
Thank you Quynh for today’s sharing session!
at Blogtuan.info – Source: cafebiz.vn – Read the original article here
