Our Terms of Use and Privacy Policy have changed. We think you'll like them better this way.

Maiffret & eEye Provide Tips to Help Protect Against Attacks

  • Broadcast in Family



Follow This Show

If you liked this show, you should follow DigitalDave.

CTO Marc Maiffret joins Dave and Bill again in The CyberHood today to talk about new research and techonogly...


eEye is back in the research game. Since returning to the company last July, CTO Marc Maiffret (renowned Microsoft vulnerability expert) will release on May 5 a research report demonstrating how vulnerabilities, including Zero Days, can be mitigated without patches. In the report, Marc lays out several free and easy-to-perform tweaks that would will render most attacks futile.


For example, Aurora used an Internet Explorer vulnerability to gain a foot hold. However simply having a properly configured proxy server would have prevented any information from being stolen as the Aurora virus wasn’t proxy aware. Stuxnet could have been neutralized by upgrading to Windows 7 and implementing Access Control Lists.


In addition to demonstrating how to easily defend against attacks, the research also provides some startling statistics:


• Disabling WebDAV, WebClient Services and MS Office Converters would have prevented approximately 12% of all vulnerabilities patched by MS in 2010 from being easily exploited
• Upgrading to latest Microsoft Software could have allowed organizations to be unsusceptible to more than 50% of all MS software vulnerabilities in 2010
• Disabling features and subsystems not being used can negate at least 12% of vulnerabilities by reducing the number of attack vectors