Google has snapped up one of the sharpest minds in the hacker community, luring Zalewski to help lock down its long list of Internet-facing products.
Zalewski, a 26-year-old computer security whiz from Poland, joined the search engine giant about a week ago to work as an Information Security Engineer.
He confirmed the move via e-mail but declined to discuss specifics about the new gig.
The Zalewski hire is significant on several fronts. It adds a brand-name hacker to Google's security team (the company has been looking for talent at hacker cons) at a time when it is struggling to cope with gaping holes in its line of products and, in a roundabout way, stops the public release of zero-day browser vulnerabilities.
Zalewski, who has been credited in the past with finding several major vulnerabilities (buffer overflow in Sendmail, weaknesses in TCP/IP ISNs, code execution hole in IE's JPG rendering), has spent most of 2007 releasing details of severe holes in Internet Explorer and Firefox -- constantly cracking the browsers' security models.
Zalewski paid special attention to Mozilla Firefox. On an almost-daily basis, he published proof-of-concept exploits for zero-day bugs in the open-source browser and forced Mozilla security engineers to constantly work on creating patches.
Microsoft's IE did not escape Zalewski's scrutiny. Last month, he dropped exploits for several serious IE vulnerabilities, some of which remain unpatched.