July 30th, 2007
Google hires browser hacking guru
Google has snapped up one of the sharpest minds in the hacker community, luring Michal Zalewski to help lock down its long list of Internet facing products.
Zalewski, a 26-year-old computer security whiz from Poland, joined the search engine giant about a week ago to work as an Information Security Engineer.
He confirmed the move via e-mail but declined to discuss specifics about the new gig.
[SEE: Google’s anti-malware team comes out of the shadows ]
The Zalewski hire is significant on several fronts. It adds a brand-name hacker to Google’s security team (the company has been looking for talent at hacker cons) at a time when it is struggling to cope with gaping holes in its line of products and, in a roundabout way, stops the public release of zero-day browser vulnerabilities.
Zalewski, who has been credited in the past with finding several major vulnerabilities (buffer overflow in SendMail, weaknesses in TCP/IP ISNs, code execution hole in IE’s JPG rendering) has spent most of 2007 releasing details of severe holes in Internet Explorer and Firefox — constantly cracking the browsers’ security models.
In February, Zalewski paid special attention to Mozilla Firefox. On an almost-daily basis, he published proof-of-concept exploits for zero-day bugs in the open-source and forced Mozilla security engineers to constantly work on creating patches.
[SEE: Gaping holes exposed in fully-patched IE 7, Firefox ]
Microsoft’s IE did not escape Zalewski’s scrunity. Last month, he dropped exploits for several serious IE vulnerabilities, some of which remain unpatched.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
