Google has snapped up one of the sharpest minds in the hacker community, luring Michal Zalewski to help lock down its long list of Internet facing products.
Zalewski, a 26-year-old computer security whiz from Poland, joined the search engine giant about a week ago to work as an Information Security Engineer.
He confirmed the move via e-mail but declined to discuss specifics about the new gig.
The Zalewski hire is significant on several fronts. It adds a brand-name hacker to Google's security team (the company has been looking for talent at hacker cons) at a time when it is struggling to cope with gaping holes in its line of products and, in a roundabout way, stops the public release of zero-day browser vulnerabilities.
Zalewski, who has been credited in the past with finding several major vulnerabilities (buffer overflow in SendMail, weaknesses in TCP/IP ISNs, code execution hole in IE's JPG rendering) has spent most of 2007 releasing details of severe holes in Internet Explorer and Firefox -- constantly cracking the browsers' security models.
In February, Zalewski paid special attention to Mozilla Firefox. On an almost-daily basis, he published proof-of-concept exploits for zero-day bugs in the open-source and forced Mozilla security engineers to constantly work on creating patches.
Microsoft's IE did not escape Zalewski's scrunity. Last month, he dropped exploits for several serious IE vulnerabilities, some of which remain unpatched.