The topic of this article may not meet Wikipedia's notability guideline for biographies. (April 2021) |
Michał Zalewski (born 19 January 1981), also known by the user name lcamtuf, is a computer security expert and "white hat" hacker from Poland. He is a former Google Inc. employee (until 2018),[1] and currently the VP of Security Engineering at Snap Inc.
He has been a prolific vulnerability researcher and a frequent Bugtraq poster since the mid-1990s, and has written a number of programs for Unix-like operating systems. In 2005, Zalewski wrote Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, a computer security book published by No Starch Press and subsequently translated into a number of languages. In 2011, Zalewski wrote The Tangled Web: A Guide to Securing Modern Web Applications, also published by No Starch Press.
For his continued research on browser security, he was named one of the 15 most influential people in security[2] and among the 100 most influential people in IT.[3]
Zalewski was one of the original creators of Argante, a virtual open source operating system. Among other projects, he also created p0f and American fuzzy lop.
Reported bugs
edit- "Manipulation of framed content can allow cross-site scripting". Opera Advisories. Archived from the original on January 28, 2012. Retrieved January 24, 2012.
- "CA-2003-25 Buffer Overflow in Sendmail". CERT Advisories. Retrieved August 22, 2005.
- "CA-2003-12 Buffer Overflow in Sendmail". CERT Advisories. Retrieved August 22, 2005.
- "CA-2001-09 Statistical Weaknesses in TCP/IP Initial Sequence Numbers". CERT Advisories. Retrieved August 22, 2005.
- "VU#945216 SSH CRC32 (...) Contains Remote Integer Overflow". CERT Advisories. Retrieved August 22, 2005. This vulnerability made an appearance[4] on The Matrix Reloaded.
- "VU#965206 Microsoft Internet Explorer (...) vulnerable to buffer overflow". CERT Advisories. Retrieved August 22, 2005.
- "VU#984473 Microsoft Internet Explorer contains overflow in processing script action handlers". CERT Advisories. Retrieved August 22, 2005.
- Firefox wyciwyg:// cache vulnerability
References
edit- ^ "Google's director of information security engineering is leaving the company". CyberScoop. 21 March 2018.
- ^ "15 Most Influential People in Security Today". Retrieved December 11, 2008.
- ^ "100 Most Influential People in IT". Retrieved December 11, 2008.[permanent dead link]
- ^ "Matrix Sequel Has Hacker Cred". Retrieved August 29, 2016.
External links
edit- Michał Zalewski's personal home page
- Michał Zalewski's personal blog
- Interview with Michał Zalewski at OnLamp Archived 2006-05-22 at the Wayback Machine