Marc Maiffret

Marc Maiffret is the Chief Technology Officer at BeyondTrust, a leading security and compliance management company. Maiffret joined BeyondTrust by way of their acquisition of eEye Digital Security, which he co-founded in 1998 along with Firas Bushnaq. Marc is an industry visionary who created one of the first Vulnerability Management and Web Application Firewall products, which to date, have been deployed worldwide and won numerous product awards. Marc, a security research pioneer, is credited with discovering some of the first major vulnerability discoveries in Microsoft software and leads one of the world’s most renowned security research teams. Marc leads BeyondTrust’s Advanced Research Labs, responsible for identifying new trends in enterprise security for the benefit of the BeyondTrust product roadmap. Maiffret left eEye for a three-year period, during which he served as Chief Security Architect at FireEye. He returned to eEye in July 2010.

During his brief time away from eEye, Maiffret also founded Invenio Security,^[1] which he eventually merged with veteran consulting firm The DigiTrust Group. At DigiTrust, Maiffret managed the company's Professional Services division, including network security consulting and managed security services. Maiffret is also responsible for helping expand the firm’s internal research and development efforts.

Maiffret is known for running eEye's top security research team for nearly 10 years and at present, as well as famously discovering some of the very first critical Microsoft security vulnerabilities including the first Microsoft computer worm, Code Red.^[2]

Maiffret has accepted three separate invitations to testify before the United States Congress on matters of national cybersecurity and critical security threats posed to both public and private infrastructures.^[3] He was named one of People (magazine) Magazine’s 30 People Under 30 and has been featured for cover stories in Details, the Los Angeles Times, Entrepreneur magazine, and USA Today in addition to numerous television appearances. Maiffret was featured in MTV’s True Life: I'm a Hacker (October 1999). Marc was a guest speaker on episode 91 of Security Now, with Leo Laporte and Steve Gibson. Extremely influential, Marc has spoken at a variety of conferences (including ISSA Los Angeles and InfoSec 2011) and has been featured in countless publications including CNN, Fox News, Security Week, SC Magazine, PC World, and Computer World.

Marc was 'Chameleon' in the hacking group 'Rhino9'.

Marc was also known as 'sn1per' in the hacking group No|d.

Righting Facebook's wrong

On August 22, 2013, Yahoo News reported that Maiffret was prompting hackers to support in raising a $10,000 reward for Khalil Shreateh. On August 20, Maiffret stated that he had already raised $9,000 in his efforts, including the $2,000 he himself contributed. He and other hackers alike denounced Facebook for having recently given Shreateh the shaft. Maiffret said: "He is sitting there in Palestine doing this research on a five-year-old laptop that looks like it is half broken. It's something that might help him out in a big way."^[4]

The matter stems from Facebook's shafting of a user that helped them in finding a bug in their website: On August 19, 2013, it was reported that a Facebook user from Palestine Khalil Shreateh found a bug that allowed him to post material to other users' Facebook Walls. Users are not supposed to have the ability to post material to the Facebook Walls of other users unless they are approved friends with those users that they have posted material to. To prove that he was telling the truth, Shreateh posted material to Sarah Goodin's wall, a friend of Facebook CEO Mark Zuckerberg.

Following that, Shreateh contacted Facebook's security team with the proof that his bug was real, explaining in detail what was going on. Facebook has a bounty program in which it compensates people a 500+ fee for reporting bugs instead of using them to their advantage or selling them on the black market. However, it was reported that instead of fixing the bug and paying Shreateh the fee, Facebook originally told him that "this was not a bug" and dismissed him. Shreateh then tried a second time to inform Facebook, but they dismissed him yet again. On the third try, Shreateh used the bug to post a message to Mark Zuckerberg's Wall, stating "Sorry for breaking your privacy ... but a couple of days ago, I found a serious Facebook exploit" and that Facebook's security team was not taking him seriously. Within minutes, a security engineer contacted Shreateh, questioned him on how he performed the move and ultimately acknowledged that it was a bug in the system.

Facebook temporarily suspended Shreateh's account and fixed the bug after several days. However, in a move that was met with much public criticism and disapproval, Facebook refused to pay out the 500+ fee to Shreateh; instead, Facebook responded that by posting to Zuckerberg's account, Shreateh had violated one of their terms of service policies and therefore "could not be paid." In closing, the Facebook team censured Shreateh for breaking into Zuckerberg's account and asked that he continue to help them find bugs.^[5][6][7]

References