CTO Marc Maiffret joins Dave and Bill again in The CyberHood today to talk about new research and technology…
Check out an excerpt from today’s press release 05/05/2011 below:
What a fantastic interview today! Marc shared some really great technology and IT Security news. eEye has a new Research Report out entitled, “In Configuration We Trust”, and their brand new Retina Community that provides a new way to protect your PC and your family. OH, and did I mention this is completely FREE to community users who have less than 32 computers in their network. How Cool is that?
Thanks to Marc and his team at eEye for all the work they do, on our behalf to keep us all safe online!
In addition, eEye will encourage SANS Security West attendees to take advantage of several free, online resources that the company provides to the IT security community. Retina Community is a free vulnerability scanner for up to 32 IPs, now being used by nearly four thousand organizations. Zero Day Tracker provides a catalogue of the newest zero-day vulnerabilities, instructions for quick remediation, and a historical record of past vulnerabilities. eEye’s Vulnerability Expert Forum (VEF), hosted by Maiffret and the eEye Research Team, is a popular monthly webinar attended by hundreds of IT security professionals seeking insight and information on recently announced critical vulnerabilities from Microsoft and other software vendors.
eEye is back in the research game. Since returning to the company last July, CTO Marc Maiffret (renowned Microsoft vulnerability expert) will release on May 5 a research report demonstrating how vulnerabilities, including Zero Days, can be mitigated without patches. In the report, Marc lays out several free and easy-to-perform tweaks that would will render most attacks futile.
For example, Aurora used an Internet Explorer vulnerability to gain a foot hold. However simply having a properly configured proxy server would have prevented any information from being stolen as the Aurora virus wasn’t proxy aware. Stuxnet could have been neutralized by upgrading to Windows 7 and implementing Access Control Lists.
In addition to demonstrating how to easily defend against attacks, the research also provides some startling statistics:
• Disabling WebDAV, WebClient Services and MS Office Converters would have prevented approximately 12% of all vulnerabilities patched by MS in 2010 from being easily exploited
• Upgrading to latest Microsoft Software could have allowed organizations to be unsusceptible to more than 50% of all MS software vulnerabilities in 2010
• Disabling features and subsystems not being used can negate at least 12% of vulnerabilities by reducing the number of attack vectors
Follow eEye Digital Security
Again thanks to Marc and his team at eEye for all the work they do, on our behalf to keep us (The CyberHood) all safe online!
Learn IT, DO IT, Teach IT, Share IT, BE IT
Your CyberHood Watch Partner
Radio Security Journalist
© 2006 – 2011 CyberHood Watch