eEye Digital Security

Articles by Marc Maiffret

In Configuration We [Still] Trust

It has been roughly a year since we released our original paper titled “In Configuration We Trust.” The goal of that research was to try to draw awareness to the fact that a lot of security improvement can be made simply by how you architect your network and configure your operating systems and applications. These [...]

Security Predictions: All Hat, No Cattle

This is the time of the year where holiday parties are had, gifts are exchanged, and everyone and their brother in the security industry write blog posts and press releases about their predictions for the coming year. This time of the year reminds me of how important eEye’s message of “Security in Context” is given [...]

It Takes More Than a Decoder Ring

This week I was invited to lend my “expert thoughts” on a recent news piece on a UK intelligence agency which has opened up their hiring practices to include an online code cracking competition.  The team over at CNN’s Situation Room thought this was an interesting concept and invited me in for a quick discussion. [...]

Duqu, Son of Stuxnet, Destroyer of Worlds!

So, as everyone has hopefully heard by now, the world is indeed coming to an end because of a new piece of malware dubbed Duqu. Duqu is supposed to be based off of Stuxnet and therefore it makes it the scariest thing in cyber space or, as FoxNews.com said, “Stuxnet Clone ‘Duqu’: The Hydrogen Bomb [...]

1999 Called, It Wants Its Morto Worm Back

I had to do a double take on my Google Alerts this weekend when I saw the first of discussions around a worm dubbed “Morto” infecting systems via weak password brute forcing of Windows accounts over the Remote Desktop Protocol (“RDP”). These automated worms take me back, to the old days of CodeRed, Slammer, Sasser, [...]

HP TouchPad Frenzy — Another Reason to Put Security in Context

I recently watched IT administrator mailing lists buzzing with conversations about where everyone could buy an HP TouchPad – with the almost free price, now that HP has discontinued the product. It was not only IT people looking to cash in on the sweet deal, but consumers also, which means employees (maybe at your company!), who [...]

Right-click Metasploit Integration

At eEye we have been continuing an aggressive release schedule of major product updates that simplify your vulnerability management and compliance process. One of the ways that we continue to simplify vulnerability management is through new capabilities and reporting that allow for better prioritization of vulnerabilities from an overall risk management perspective. While other products [...]

eEye Research Report: In Configuration We Trust

In configuration we trust. This statement couldn’t be truer to my research team and me, especially after discovering some of the findings in our latest report, which we publicly released last week. In the report, we describe simple configuration changes and software version upgrades that could mitigate many application vulnerabilities before patches are available. Some [...]

Microsoft Enters the Security Research Arena

This week Microsoft announced important updates to policies around discovering and disclosing third-party software application vulnerabilities. They’ve officially expanded their Coordinated Vulnerability Disclosure (CVD) policy (launched last summer as a replacement/renaming of their “responsible disclosure” policy) and have made public an internal employee policy (launched in November 2010), which requires in-house researchers to adhere to [...]

Scary Night Dragons Fall from Sky

Reading the headlines today one could not help but notice the latest installment of “scary Chinese hacker press” making the headlines. And who can blame the news media for latching on to this story as it has all the right ingredients: foreign governments targeting U.S. interests, catchy nicknames like Night Dragon, connections to a previous [...]

© 1998 - 2011 eEye Digital Security. All rights reserved