Michał Zalewski
Polish hacker (born 1981)
- Life
- 1981 – present
- Born
- January 19, 1981
- Nationality
- Poland
Michał Zalewski, also known by the user name lcamtuf, is a computer security expert and "white hat" hacker from Poland. He is a former Google Inc. employee, and currently the VP of Security Engineering at Snap Inc.
Early Career and Research
Michał Zalewski, widely known by the handle lcamtuf, emerged as a notable figure in the computer security community in the mid-1990s. A prolific poster to Bugtraq — one of the most prominent security vulnerability mailing lists — he built an early reputation through consistent vulnerability research and responsible disclosure. His reported findings span a broad range of critical systems, including buffer overflows in Sendmail (documented in CERT advisories CA-2003-12 and CA-2003-25), statistical weaknesses in TCP/IP initial sequence numbers, a remote integer overflow in SSH CRC32, and multiple vulnerabilities in Microsoft Internet Explorer. One of his reported vulnerabilities, the SSH CRC32 integer overflow, notably appeared in the film The Matrix Reloaded. He also reported a cache vulnerability in Firefox related to the wyciwyg:// protocol and a cross-site scripting issue in Opera involving manipulation of framed content.
Tools and Open Source Contributions
Zalewski has authored several significant tools for Unix-like operating systems. He was one of the original creators of Argante, a virtual open source operating system. He also created p0f, a passive operating system fingerprinting tool, and American Fuzzy Lop (AFL), a coverage-guided fuzzer that became widely adopted in the security research community for discovering software vulnerabilities through automated testing.
Published Works
In 2005, Zalewski authored Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, published by No Starch Press. The book examines passive network reconnaissance techniques and indirect attack vectors, and was subsequently translated into multiple languages. In 2011, he published a second book, The Tangled Web: A Guide to Securing Modern Web Applications, also through No Starch Press, addressing the complexities of securing modern web infrastructure.
Professional Career
Zalewski held a position at Google Inc., where he continued his research into browser security, contributing to the broader understanding of web application vulnerabilities. He departed Google in 2018 and subsequently joined Snap Inc., where he serves as Vice President of Security Engineering.
Recognition
For his sustained contributions to browser security research, Zalewski was named one of the 15 most influential people in security and was also included among the 100 most influential people in information technology.
