in cyberspace you can drop a bomb that can then be tossed
back at you more effectively than your original.
Signed,
Marc Maiffret
Chief Security Architect
FireEye, Inc.
http://www.FireEye.com
[1] - http://gs.statcounter.com/#browser_version-CN-daily-20080701-20100119-bar
On Fri, Jan 22, 2010 at 2:41 PM
Todd, have you verified this encryption specifically the statement by McAfee:
One of the malicious programs opened a remote backdoor to the
computer, establishing an encrypted covert channel that masqueraded as
an SSL connection to avoid detection.
I assume by masquerade they mean the fact it is
is.
-Marc Maiffret
On Fri, Jan 15, 2010 at 9:21 PM, Dan Kaminsky d...@doxpara.com wrote:
If it's stupid and it works, it isn't stupid.
On Jan 15, 2010, at 11:07 PM, Marc Maiffret m...@marcmaiffret.com wrote:
Todd, have you verified this encryption specifically the statement by
McAfee
Internet Explorer Compressed Content URL Heap Overflow Vulnerability
Release Date:
August 24, 2006
Date Reported:
August 17, 2006
Severity:
High (Code Execution)
Systems Affected:
Internet Explorer 6 SP1 with MS06-042 - Windows 2000
Internet Explorer 6 SP1 with MS06-042 - Windows XP SP1
MS06-042 Related Internet Explorer 'Crash' is Exploitable
Date:
August 22, 2006
Severity:
High
Systems Affected:
Windows 2000 with IE6 SP1 and MS06-042 hotfix installed
Windows XP SP1 with IE6 SP1 and MS06-042 hotfix installed
Overview:
On August 8th Microsoft released MS06-042 which was a
or questions/comments
feel free to send them to [EMAIL PROTECTED] and your hostess will be
by shortly to take your order.
Signed,
Marc Maiffret
Co-Founder/CTO
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9329
http://eEye.com/Blink - End-Point Vulnerability Prevention
http
To: Marc Maiffret
CC: full-disclosure@lists.grok.org.uk
Sent: Tue Aug 01 17:05:55 2006
Subject: Re: [Full-disclosure] EEYE: research.eeye.com
On 8/1/06, Marc Maiffret [EMAIL PROTECTED] wrote:
Hi,
I am happy to announce to the first incarnation of
http://research.eEye.com. On this site
To be clear we did not make any claim except that Retina has been
updated to be able to identify this vulnerability. Obviously being that
it is a local vulnerability we audit for the vulnerability using
credentials through normal means that you should find in most any
vulnerability assessment
not that I completely disagree but I
think for the average consultant (99% of consultants) using an automated
solution like Core/Canvas is going to do far more for them.
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Blink - End-Point
,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9329
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS
10 matches
Mail list logo