More than a few of you are no doubt familiar with Michal Zalewski — a.k.a. lcamtuf — a Polish hacker, computer security expert and Google employee.

There’s even a Wikipedia page on the man, which says the following:

He has been a prolific vulnerability researcher and a frequent Bugtraq poster since the mid-1990s, and has authored a number of programs for Unix-like operating systems. In 2005, Zalewski authored Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, a computer security book published by No Starch Press and subsequently translated to a number of languages. For his continued research on browser security, he was named one of the 15 most influential people in security and among the 100 most influential people in IT.

Zalewski was one of the original creators of Argante, a virtual open source operating system.

According to a couple friends on Twitter — security and risk management consultant Nick Selby and Threatpost scribe Paul Roberts — 2011 is starting with a bang in the form of 100 browser holes uncovered by cross_fuzz, Zalewski’s newest creation.

He announced details of the fuzzer in his blog on New Year’s Day:

I am happy to announce the availability of cross_fuzz – an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market – many of said bugs exploitable – and is still finding more.

The fuzzer owes much of its efficiency to dynamically generating extremely long-winding sequences of DOM operations across multiple documents, inspecting returned objects, recursing into them, and creating circular node references that stress-test garbage collection mechanisms.

But, he warns, the design can make it tough to get clean, deterministic reproductions.
He writes:

I also believe that at least one of the vulnerabilities discovered by cross_fuzz may be known to third parties – which makes getting this tool out a priority.

His blog includes details on the bugs found and what has and hasn’t been fixed, as well as a link to download or simply demo the tool.

–Bill Brenner