Microsoft hires URI protocol handling bug finder

Summary: Billy (BK) Rios, a prominent hacker who spent most of the summer warning about serious URI protocol handling vulnerabilities affecting Windows users, has joined Microsoft as a Security Engineer.

Rios, a pen-testing specialist who once worked as an intrusion detection analyst at the Department of Defense, joined Microsoft last week to conduct simulated hacking attacks against products coming out of Redmond.

"I'm still amazed that companies actually pay me to hack software," Rios said, confirming his move and describing Microsoft as a "cool place" with "really smart people."

Prior to joining Microsoft, Rios worked as a senior security consultant for VeriSign and a penetration tester for Ernst & Young's Advanced Security Center, breaking into information systems and helping clients in the Fortune 500 understand existing and emerging security risks.

Over the last few months, Rios teamed up with E&Y colleague Nate McFeters to expose numerous problems with URI protocol handling in Windows. The two researchers have regularly published proof-of-concept exploits for software flaws affecting Google, Firefox and Internet Explorer.

The hiring comes just one week before Microsoft's belated acknowledgment of URI handling problems that require a future Windows/Internet Explorer 7 update.
