Michał Zalewski, Director Information Security Engineering, leaves Google(twitter.com)
twitter.com
Michał Zalewski, Director Information Security Engineering, leaves Google
https://twitter.com/lcamtuf/status/976307141177884672
40 comments
If you don't know who this is, read his CV: http://lcamtuf.coredump.cx/cv-web-en.pdf
yeah I think it's feeling the HN effect already
(a bit ironic that it doesn't have https enabled)
(a bit ironic that it doesn't have https enabled)
>> http://lcamtuf.coredump.cx/cv-web-en.pdf
> (a bit ironic that it doesn't have https enabled)
That sounds like an interesting trick... MITM the CV of a famous security person in order to land a security job?
> (a bit ironic that it doesn't have https enabled)
That sounds like an interesting trick... MITM the CV of a famous security person in order to land a security job?
Wait, this is lcamtuf? Wow.
I've always been in awe of his AFL fuzzer:
http://lcamtuf.coredump.cx/afl/
https://lcamtuf.blogspot.com/2014/11/pulling-jpegs-out-of-th...
I've always been in awe of his AFL fuzzer:
http://lcamtuf.coredump.cx/afl/
https://lcamtuf.blogspot.com/2014/11/pulling-jpegs-out-of-th...
He also wrote Ratproxy: https://code.google.com/archive/p/ratproxy/
He also had a pretty popular post here a while back about prepping for doomsday [1], interesting read.
[1] https://news.ycombinator.com/item?id=15110850
[1] https://news.ycombinator.com/item?id=15110850
I just got one of those periodic "wow, those are the same person?" Internet moments; I've both used AFL a fair bit, and read Tangled Web, but never connected the two.
Impressive fellow.
Impressive fellow.
"Silence on the Wire" is still my favourite security book!
I loved Silence on the Wire (your [2]) - really changed my perspective on how much we "give away" passively
That's funny because there is another book [1] with exactly the same title and also about computer security, although it predates the one you mention by a decade.
[1] https://www.amazon.com/Tangled-Web-Securing-Modern-Applicati...
[1] https://www.amazon.com/Tangled-Web-Securing-Modern-Applicati...
That's the same book and link.
Oops, my bad. I meant this one:
https://www.amazon.com/TANGLED-WEB-Digital-Shadows-Cyberspac...
https://www.amazon.com/TANGLED-WEB-Digital-Shadows-Cyberspac...
@jvanegue:
> there is a CISO position to fill at @facebook I hear
@lcamtuf:
> Waiting for NYTimes to tell me why I am leaving Google first.
This little exchange speaks volumes about what's happening in the the media regarding the tech industry: one company behaves badly and then all get tarred and feathered. Facebook's security leadership starts jumping ship, and when someone analogous from Google, a completely different organization with a completely different (i.e. existent) moral compass and set of security practices leaves his post for unstated reasons at about the same time, the world assumes a similar scandal is on the way.
> there is a CISO position to fill at @facebook I hear
@lcamtuf:
> Waiting for NYTimes to tell me why I am leaving Google first.
This little exchange speaks volumes about what's happening in the the media regarding the tech industry: one company behaves badly and then all get tarred and feathered. Facebook's security leadership starts jumping ship, and when someone analogous from Google, a completely different organization with a completely different (i.e. existent) moral compass and set of security practices leaves his post for unstated reasons at about the same time, the world assumes a similar scandal is on the way.
You say that line speaks volumes, I say it's a throwaway joke very much in character with Zalewski's twitter feed.
This is part of the problem of linking directly to individual tweets as front page news on HN.
This is part of the problem of linking directly to individual tweets as front page news on HN.
> the world assumes a similar scandal is on the way.
I see no-one assuming that.
I see no-one assuming that.
I am. This morning qanon said FBI opened an investigation on him and his site opens a virus only on chrome, as of this morning.
> This little exchange speaks volumes about what's happening in the the media regarding the tech industry: one company behaves badly and then all get tarred and feathered.
Perhaps that's perfectly fair, and perhaps everyone has a responsibility for the standards and behavior in their community. That would apply especially to Google, a leader in the community. To the degree the public views the standards (including laws and regulations) as insufficient because of what Facebook has done, perhaps they are correct. And it won't be changed without Google's direct involvement; the public might wonder, why hasn't Google seen to these issues already (if they have, it's largely been ineffective). If fraud is rife on Wall Street, is it wrong to hold Goldman Sachs accountable regardless of their direct involvement? Is it plausible that Goldman Sachs is not directly involved, given their size and influence? Doesn't Goldman Sachs have a responsibility to fix the problem, regardless, at least as a leader?
(Thanks to dpark for providing essential context about the parent comment: The author works at Google.
https://news.ycombinator.com/item?id=16640453 )
Perhaps that's perfectly fair, and perhaps everyone has a responsibility for the standards and behavior in their community. That would apply especially to Google, a leader in the community. To the degree the public views the standards (including laws and regulations) as insufficient because of what Facebook has done, perhaps they are correct. And it won't be changed without Google's direct involvement; the public might wonder, why hasn't Google seen to these issues already (if they have, it's largely been ineffective). If fraud is rife on Wall Street, is it wrong to hold Goldman Sachs accountable regardless of their direct involvement? Is it plausible that Goldman Sachs is not directly involved, given their size and influence? Doesn't Goldman Sachs have a responsibility to fix the problem, regardless, at least as a leader?
(Thanks to dpark for providing essential context about the parent comment: The author works at Google.
https://news.ycombinator.com/item?id=16640453 )
Has the New York Times actually published an article about this? Until that happens I think you’re denouncing a phenomenon that doesn’t exist.
I think you're missing the joke here...
I don’t. Nothing about jfasi’s comment reads like a joke.
Waited too long and can't edit:
jfasi works at Google and seems to be expressing his honest opinion when he says that they have a "different (i.e. existent) moral compass". He's not making the joke that Google is the same as Facebook and the reason Zelewski is leaving must be a data scandal.
jfasi works at Google and seems to be expressing his honest opinion when he says that they have a "different (i.e. existent) moral compass". He's not making the joke that Google is the same as Facebook and the reason Zelewski is leaving must be a data scandal.
Here is a post he wrote about leaving Poland and starting his journey to emigrate to the US. He ended working as Director of security @ google even without a college degree.
https://lcamtuf.blogspot.com.ar/2015/03/on-journeys.html
Among his many achievements, popularizing instrumented, legit data mutating, fuzzing (afl-fuzz) which revolutionized vulnerability research.
And his guerilla-CNC guide is also an awesome ressource.
Very curious about what he does next.
And his guerilla-CNC guide is also an awesome ressource.
Very curious about what he does next.
Whatever his plans are, this will be something big.
He is a guy who could, if he wanted, build a secure kernel for mobile devices for example.
I always think this security thing is a waste of his talent though, he's such a creative guy and could do many other different things, instead he gets paid for finding holes everywhere, and he's extremely good at it, so...
[deleted]
maybe he's going over to Facebook. Their Chief of Security just left
A tweet from a middle manager changing jobs doesn’t seem at all newsworthy. Are people reading more into this than they should be?
If it would not be newsworthy then it wouldn't be upvoted enough to get on first page on HN. It's newsworthy for me that's why I upvoted it and it seems 150+ more people thinks the same. If something is not newsworthy for you dosen't mean it's not newsworthy for others.
lcamtuf isn't exactly just "a middle manager"
Is it newsworthy? Not in the scandalous sense, no.
Is it newsworthy? Not in the scandalous sense, no.
A lot of folks in Hackernews have interest in security relevant topics also - Its one of the reasons I am here, so I appreciate quickly reading this and move on. Its a good indicator that HN is the right community for me. :)
I too am interested in security related topics. I don’t know what that has to do with this tweet. High profile contributors to the community changing jobs is pretty common, so I’m not sure why a tweet about this particular case is noteworthy.
Consider for a moment that Michal Zalewski might simply be held in esteem by the HN community, and therefore his leaving Google after 11 years is personally significant to many HN users.
Is that too far out for you to believe?
Is that too far out for you to believe?
I think highly of him as well, and am probably much more familiar with his work than just about everybody upvoting.
I commented because it’s not obvious to me why this tweet would be front page news when folks of roughly similar influence and visibility change jobs all the time, and we don’t seem to be submitting and upvoting their tweets.
Maybe soon we will report on what Dan Kaminsky ate for breakfast or which car Charlie Miller was spotted driving!
I commented because it’s not obvious to me why this tweet would be front page news when folks of roughly similar influence and visibility change jobs all the time, and we don’t seem to be submitting and upvoting their tweets.
Maybe soon we will report on what Dan Kaminsky ate for breakfast or which car Charlie Miller was spotted driving!
You're getting downvoted for calling Zalewski a "middle manager", but your point about this not being front-page newsworthy is well taken.
Another lesser known book by him is also worth a read: "Silence on the Wire" that takes a look at the full information security stack from the keyboard you type on, to the wires the data transits, to the internet protocols, etc [2] and looking at how each stage exposes/protects data.
And has quite an interesting history in infosec beyond that [3].
[1] https://www.amazon.com/Tangled-Web-Securing-Modern-Applicati...
[2] https://www.amazon.com/Silence-Wire-Passive-Reconnaissance-I...
[3] https://en.wikipedia.org/wiki/Micha%C5%82_Zalewski