Microsoft hires URI protocol handling bug finder
Rios (left), a pen-testing specialist who once worked as an intrusion detection analyst at the Department of Defense, joined Microsoft last week to conduct simulated hacking attacks against products coming out of Redmond.
"I'm still amazed that companies actually pay me to hack software," Rios said, confirming his move and describing Microsoft as a "cool place" with "really smart people."
[SEE: Google hires browser hacking guru ]
Prior to joining Microsoft, Rios worked as a senior security consultant for VeriSign and a penetration tester forErnst & Young's Advanced Security Center, breaking into information systems and helping clients in the Fortune 500 understand existing and emerging security risks.
Over the last few months, Rios teamed up with E&Y colleague Nate McFeters to expose numerous problems with URI protocol handling in Windows. The two researchers have regularly published proof-of-concept exploits for software flaws affecting Google, Firefox and Internet Explorer.
The hiring comes just one week before Microsoft's belated acknowledgment of URI handling problems that require a future Windows/Internet Explorer 7 update.
ALSO SEE:
Protocol abuse adds to Firefox, Windows security woes