
October 11th, 2007

Microsoft hires URI protocol handling bug finder

Posted by Ryan Naraine @ 1:41 pm

Categories: Black Hat, Botnets, Browsers, Data theft, Exploit code, Firefox, Google, Hackers, Hirings and firings, Microsoft, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Mozilla Firefox, Protocol, Microsoft Corp., Flaw, Hacking, Web Browsers, Microsoft Windows, Security, Internet, Operating Systems

Billy (BK) Rios, a prominent hacker who spent most of the summer warning about serious URI protocol handling vulnerabilities affecting Windows users, has joined Microsoft as a Security Engineer.

Rios (left), a pen-testing specialist who once worked as an intrusion detection analyst at the Department of Defense, joined Microsoft last week to conduct simulated hacking attacks against products coming out of Redmond.

“I’m still amazed that companies actually pay me to hack software,” Rios said, confirming his move and describing Microsoft as a “cool place” with “really smart people.”

[SEE: Google hires browser hacking guru ]

Prior to joining Microsoft, Rios worked as a senior security consultant for VeriSign and a penetration tester for Ernst & Young’s Advanced Security Center, breaking into information systems and helping clients in the Fortune 500 understand existing and emerging security risks.

Over the last few months, Rios teamed up with E&Y colleague Nate McFeters to expose numerous problems with URI protocol handling in Windows. The two researchers have regularly published proof-of-concept exploits for software flaws affecting Google, Firefox and Internet Explorer.

The hiring comes just one week before Microsoft’s belated acknowledgment of URI handling problems that require a future Windows/Internet Explorer 7 update.

ALSO SEE:

Protocol abuse adds to Firefox, Windows security woes

Command injection flaw found in IE: Or is it Firefox?

Mozilla caught napping on URL protocol handling flaw

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

