Billy (BK) Rios, a prominent hacker who spent most of the summer warning about serious URI protocol handling vulnerabilities affecting Windows users, has joined Microsoft as a Security Engineer.
Rios, a pen-testing specialist who once worked as an intrusion detection analyst at the Department of Defense, joined Microsoft last week to conduct simulated hacking attacks against products coming out of Redmond.
"I'm still amazed that companies actually pay me to hack software," Rios said, confirming his move and describing Microsoft as a "cool place" with "really smart people."
Prior to joining Microsoft, Rios worked as a senior security consultant for VeriSign and a penetration tester for Ernst & Young's Advanced Security Center, breaking into information systems and helping clients in the Fortune 500 understand existing and emerging security risks.
Over the last few months, Rios teamed up with E&Y colleague Nate McFeters to expose numerous problems with URI protocol handling in Windows. The two researchers have regularly published proof-of-concept exploits for software flaws affecting Google, Firefox and Internet Explorer.
The hiring comes just one week before Microsoft's belated acknowledgment of URI handling problems that require a future Windows/Internet Explorer 7 update.