Google hires browser hacking guru

Summary:Google has snapped up one of the sharpest minds in the hacker community, luring Michal Zalewski to help lock down its long list of Internet facing products.

Google hires browser hacking guru
Google has snapped up one of the sharpest minds in the hacker community, luring Michal Zalewski to help lock down its long list of Internet facing products.

Zalewski, a 26-year-old computer security whiz from Poland, joined the search engine giant about a week ago to work as an Information Security Engineer.

He confirmed the move via e-mail but declined to discuss specifics about the new gig.

[SEE: Google’s anti-malware team comes out of the shadows ]

The Zalewski hire is significant on several fronts. It adds a brand-name hacker to Google's security team (the company has been looking for talent at hacker cons) at a time when it is struggling to cope with gaping holes in its line of products and, in a roundabout way, stops the public release of zero-day browser vulnerabilities.

Zalewski, who has been credited in the past with finding several major vulnerabilities (buffer overflow in SendMail, weaknesses in TCP/IP ISNs, code execution hole in IE's JPG rendering) has spent most of 2007 releasing details of severe holes in Internet Explorer and Firefox -- constantly cracking the browsers' security models.

In February, Zalewski paid special attention to Mozilla Firefox. On an almost-daily basis, he published proof-of-concept exploits for zero-day bugs in the open-source and forced Mozilla security engineers to constantly work on creating patches.

[SEE: Gaping holes exposed in fully-patched IE 7, Firefox ]

Microsoft's IE did not escape Zalewski's scrunity. Last month, he dropped exploits for several serious IE vulnerabilities, some of which remain unpatched.

Topics: Browser, Google, Microsoft, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.