Google hires browser hacking guru

Google hires browser hacking guru

Summary: Google has snapped up one of the sharpest minds in the hacker community, luring Michal Zalewski to help lock down its long list of Internet facing products.

SHARE:

Google hires browser hacking guruGoogle has snapped up one of the sharpest minds in the hacker community, luring Michal Zalewski to help lock down its long list of Internet facing products.

Zalewski, a 26-year-old computer security whiz from Poland, joined the search engine giant about a week ago to work as an Information Security Engineer.

He confirmed the move via e-mail but declined to discuss specifics about the new gig.

[SEE: Google’s anti-malware team comes out of the shadows ]

The Zalewski hire is significant on several fronts. It adds a brand-name hacker to Google's security team (the company has been looking for talent at hacker cons) at a time when it is struggling to cope with gaping holes in its line of products and, in a roundabout way, stops the public release of zero-day browser vulnerabilities.

Zalewski, who has been credited in the past with finding several major vulnerabilities (buffer overflow in SendMail, weaknesses in TCP/IP ISNs, code execution hole in IE's JPG rendering) has spent most of 2007 releasing details of severe holes in Internet Explorer and Firefox -- constantly cracking the browsers' security models.

In February, Zalewski paid special attention to Mozilla Firefox. On an almost-daily basis, he published proof-of-concept exploits for zero-day bugs in the open-source and forced Mozilla security engineers to constantly work on creating patches.

[SEE: Gaping holes exposed in fully-patched IE 7, Firefox ]

Microsoft's IE did not escape Zalewski's scrunity. Last month, he dropped exploits for several serious IE vulnerabilities, some of which remain unpatched.

Topics: Browser, Google, Microsoft, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Good to see further evidence

    that [b]Google[/b] is taking the security issue with the degree of seriousness it merits. For those of us who wish to utilise applications on the web rather than on the desktop, security - and, of course, reliability - are alpha and omega....

    Henri
    mhenriday
  • Google the 'Proctolgist' of the Internet.

    Public perception of google at the moment, points more to google using hackers to make privacy invasive uses of browser holes rather than necessarily closing them up. All hush, hush, of course, say what?
    rtb
  • RE: Google hires browser hacking guru

    Google hacking is easy. Peoples are using google rather then other search engines.

    -Paras Dorle
    parasdorle