Linus Särud stumbled across the world of web security by accident after finding a virus on his computer. His career in web security quickly took off and at 14, he hacked Google. Now, at 17, he is a web security columnist at IDG Sweden as well as a skilled security researcher and much appreciated member of the Detectify team. This is the story of how he became a white hat hacker and Detectify employee.
Linus Särud is 17 and goes by the nickname @_zulln online. Despite his youth, he is an experienced security researcher who has discovered severe security issues on widely used domains. Linus was among Detectify’s first employees – he was invited to join the team by one of company’s founders on an IRC channel. Since then, he has had an active role in the team and helped build our Knowledge Base, where Detectify users can find helpful information and remediation tips. During the day, Linus goes to high school (unsurprisingly, his favorite subjects are physics and mathematics), but his evenings and weekends are dedicated to security research and working at Detectify.
The virus that sparked an interest for security
Nowadays, Linus is an accomplished security expert, but he was not always interested in computers. It all started when he was 11 and downloaded a film that caused a virus to spread on his computer. Linus soon began to spend his free time on IRC and forum threads about web security, soaking up the knowledge shared by seasoned security experts. Like many other ethical hackers, Linus is driven by curiosity and a desire to understand how things work. He has childhood memories of taking apart a radio just to figure out how it was built. It was this very same curiosity that inspired him to delve deeper into web security and spread his knowledge to help make the internet a safer place.
Hacked Google at 14
Discovering an XSS on Google as a 14-year old was an important milestone for Linus. Google has a Responsible Disclosure program, which means they encourage ethical hackers to hack their sites and report any vulnerabilities they find. This helps companies become aware of new security issues and resolve them before attackers can. When Linus reported the vulnerability to Google, he was pleasantly surprised by their response. He says it felt like they really cared, which prompted him to further his career as a security researcher.
Writing for a well-known media corporation
Funnily enough, it was another XSS that paved the way to Linus’ becoming a web security columnist. A couple of years ago, just after he turned 14, Linus found an XSS on IDG Sweden’s website. He reached out to the editor in chief at Techworld, one of IDG’s more technology-oriented periodicals, and reported his finding straightaway. When Linus later contacted Techworld about summer job opportunities, the editor in chief suggested he write a column. When his first blog post was published, it was shared more than 3000 times and topped IDG’s most read list for an entire week.
The expert behind SPF research
Alongside writing articles, going to school and working at Detectify, Linus is committed to security research and his discoveries often attract media attention. In June 2016, he analysed the mail server configurations of some of the world’s top domains to establish whether they were vulnerable to email spoofing. The results were quickly picked up by news sites like PCWorld, ComputerWorld, ThreatPost, Security Week, CIO and The Sun. When Computer Sweden asked for his help with an investigation of the mail servers belonging to Sweden’s 100 largest companies, Linus was happy to pitch in and do more research.
Working at Detectify
Linus’ role at Detectify is dynamic and not limited to one team only. He writes engaging content for our security blogs and is the expert behind our popular OWASP series, where you can find simple explanations of the most common vulnerabilities. Linus is also responsible for a large part of our support and takes care of customers’ questions about the service, its functions, vulnerabilities, and how to interpret reports. He is familiar with the challenges customers face when tackling security and has experience explaining vulnerabilities and technical details in a clear and simple way.
For Linus, working at Detectify means getting the chance to learn from his fellow security experts such as Frans Rosén, one of the world’s top hackers, and Fredrik Nordberg Almroth, who is featured in both Google’s and Facebook’s Security Hall of Fame. Linus says it’s incredibly rewarding to work side by side with them.
Do you have questions for Linus or wish to know more about web security and Detectify? Let us know at hello[at]detectify.com!
Q & A with Linus Särud
Mac or PC?
Mac. So far, I haven’t tried anything that beats their touchpad and keyboards.
Your # 1 security advice?
Do not use the same password on multiple sites. It may sound simple and basic, but it’s sad to see how much damage this is still causing.
Do you have any advice to people who want to pursue white hat hacking?
Be active on IRC, Twitter, Reddit and other forums for security enthusiasts. Do not hesitate to ask people for help if there is something you are curious about, most people are very helpful.
Best source for web security information?
Twitter and IRC.