Microsoft hires URI protocol handling bug finder

Summary: Billy (BK) Rios, a prominent hacker who spent most of the summer warning about serious URI protocol handling vulnerabilities affecting Windows users, has joined Microsoft as a Security Engineer.

Rios, a pen-testing specialist who once worked as an intrusion detection analyst at the Department of Defense, joined Microsoft last week to conduct simulated hacking attacks against products coming out of Redmond.

"I'm still amazed that companies actually pay me to hack software," Rios said, confirming his move and describing Microsoft as a "cool place" with "really smart people."

Prior to joining Microsoft, Rios worked as a senior security consultant for VeriSign and a penetration tester for Ernst & Young's Advanced Security Center, breaking into information systems and helping clients in the Fortune 500 understand existing and emerging security risks.

Over the last few months, Rios teamed up with E&Y colleague Nate McFeters to expose numerous problems with URI protocol handling in Windows. The two researchers have regularly published proof-of-concept exploits for software flaws affecting Google, Firefox and Internet Explorer.

The hiring comes just one week before Microsoft's belated acknowledgment of URI handling problems that require a future Windows/Internet Explorer 7 update.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
