Gordon MacKay, CISSP
Gordon MacKay, CISSP, serves as Executive Vice President and Chief Technology Officer (CTO) for Digital Defense, Inc. (DDI). He leads the technology roadmap, as well as the Cloud Platform Development and Vulnerability Research teams.
As CTO, MacKay applies mathematical modeling and engineering principles in investigating novel solutions to many of the technological challenges within the automated vulnerability management space. In 2013, MacKay’s solution to matching network discovered hosts within independent vulnerability assessments across time resulted in achieving patent-pending status for the company’s scanning technology host reconciliation process.
Prior to joining DDI, MacKay held several research and development leadership positions at Alcatel USA and led the Call Server Database Team with the inception and design of a real time in-memory database used in the Alcatel Softswitch.
MacKay has presented at numerous security related conferences, including RSA, and his expertise has been featured by top national and international media outlets such as FOX Business, Softpedia, IT World Canada and others. He enjoys using creative real world analogies, as well as using Star Trek references in the content of his presentations and communications.
He holds a Bachelor's degree in Electrical Engineering, Computer Engineering from McGill University, Montreal Canada. MacKay serves as a Distinguished Fellow for the Ponemon Institute.
04/01/2015 » CVE-2015-2808
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. [READ ME]