Archive for December, 2010


EC-Council Partner, Netacademia reveals a New Rootkit for Windows 32 bit version at Hacker Halted USA 2010

December 15th,  2010 – Albuquerque, NM – After so many years of silence on the Rootkit front, a brand new, fully functional yet undetectable Windows 2008/Windows 7 Rootkit was launched on Hacker Halted 2010, Miami . The rootkit, which also implements a so-called “theoretical” attack has been developed by a security professional from Hungary, Csaba Barta who is an EC-Council Certified Instructor at Netacademia. According to EC- Council current plans are to send the code to major virus scanner vendors, and then rootkit will be made available to the information security community as part of the next version of Certified Ethical Hacker V7  training.

After so many years of deep pocket investments and thorough development in the security field by many hardware and software vendors, many assume that there will be no more room for a perpetrator to implement such a code – that not only can hide itself in the computer but fool the operating system so badly that regular forensics investigations is unable to reveal it, not at least, without tedious efforts.

Csaba Barta, a Certified EC-Council Instructor of NetAcademia in Budapest, Hungary, and forensic investigator of Deloitte Hungary spent two and a half years investigating the most modern operating systems implementing a Rootkit which is able to switch logged on users’ identity, credentials and password with ease.

“My goal was to create a proof-of-concept Rootkit for training purposes only, that’s why you did not hear about it until now. It turned out later that I was able to implement attack types nobody else had done before”. – said Csaba, who is very proud of his Cached Data Attack module, which is capable of clearing and setting passwords in memory without the conscience of the operating system. He adds “This rootkit is a good example of how techniques used in widely spread forensic software could be used by malicious software in order to avoid detection. It has to be mentioned that the concept was first documented by Brendan Dolan-Gavitt in 2008.“

Some of the rootkit capabilities in a nutshell: besides of all the routine tasks that every Rootkit does (like hiding files, processes etc.), Csaba’s Rootkit is also capable of stealing access tokens from arbitrary processes, making security context change to SYSTEM and back a breeze. His proprietary implementation of Cached Data Attack reveals the inherent vulnerability of password handling of Windows. It is not only capable of setting any users’ password to any value but it does it leaving no tracks behind.

According to Sean Lim, Vice President of EC Council: “This is a two sided story. On one side, we are very proud of Csaba’s results, but the other hand it is a sad evidence of the fact that there are hidden attack that surface all the time. We plan to incorporate the Rootkit in the CEHv7 Training Material to make our students aware of the risks. We continue to draw attention to possible security threats to information technology systems and to provide solutions to these threats to ensure that such systems remain safe.”

ABOUT EC-COUNCIL

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.


New Horizons sponsor on the most important hackers conference in Brazil: H2HC

Over the past 27 to November 28 was held at Hotel Novotel Morumbi in São Paulo | Brazil the 7th Edition H2HC (Hackers to Hackers Conference). A conference organized by people who work or who are directly involved with research and development in information security, whose main goal is to enable the dissemination, discussion and exchange of knowledge on information security among participants and also among the companies involved in event. With training and lectures presented by respected members of the corporate world, research groups and underground community. This year the conference has demonstrated techniques that have never been seen or discussed with the public before.

The New Horizons Brazil with his technical staff and consultants attended the event as sponsor, offering training and showing their networks training, information security training and the coveted EC-Council Certified Ethical Hacker training, which aims at qualifying professionals to implement testing non-destructive penetration in e-Commerce, e-Business, IT Security and other types of networks and systems.


This event was attended by over 400 guests from various fields and companies in Information Security.


Hacker Halted To Make Debut In Egypt

Under the auspices of His Excellency Dr. Tarek Kamel, Minister of Communications and Information Technology: Raya Academy, in cooperation with the EC Council, hosts “Hacker Halted 2010″ for the first time in Africa

Raya Academy, in cooperation with the EC Council, organized Hacker Halted Egypt 2010, a conference specialized in information security and combating internet crime, for the first time in Africa. Under the auspices of His Excellency Dr. Tarek Kamel, Minister of Communications and Information Technology, the conference will take place from 13 – 14 December, 2010 in Fairmont Heliopolis Hotel, Cairo, Egypt.

More than 20 international IT professionals will discuss security and privacy of people’s information in the course of 16 sessions. The conference will also discuss the newest technologies that are adopted by large companies and e-government systems, such as cloud computing, as well as the international standards used to secure entities in different sectors, such as the banking, health and e-government sectors.

It is worth mentioning that Hacker Halted Egypt is being held during the same time of the “Third Arab African Conference on Internet Crime and Information Security”, under the auspices of His Excellency Dr. Ahmed Fathy Sorour, President of the Egyptian People’s Assembly, His Excellency Dr. Ahmed Darwish, Minister of State Administrative Development and His Excellency Dr. Mofeed Shehab, Minister of State for legal and Parliamentary Affairs.

In addition, the conference will be attended by regional and international organizations such as the Bureau of Intellectual Property of the League of Arab States, the United Nations Office on Crime, the International Telecommunication Union and the Arab Organization of Administrative Development.

Also visit: http://www.zawya.com/mobile/default.cfm/sidZAWYA20101209135426/actstory


International Information Security Conference Series to Make Its Debut in the Land of Pharoahs

The 18th Hacker Halted conference, hosted by Raya Academy, will be hosted in Cairo, Egypt from December 13 – 14, 2010.
December 6, 2010 – Albuquerque, NM – EC-Council announced that its 18th iteration of the internationally renowned Hacker Halted conference is being organized in Cairo, Egypt and hosted by Raya Academy, a subsidiary of Raya Holding.

Boasting an excellent track record with EC Council, Raya Academy has been awarded the Authorized Training Center of the Year award, as well as the Instructor of the Year for the past three years.

Mr Medhat Khalil, Chairman of Raya Holding, said “In line with Raya’s vision of being a market leader in every business it penetrates, and capitalizing on our strong Enterprise IT infrastructure solutions implementation with a specific focus on security services, it is our pleasure to cooperate with International Council of Electronic Commerce Consultants (EC Council) to introduce the world renowned Hacker Halted conference for the first time in Egypt and in Africa.

We are striving to achieve more distinguished milestones since the successful start with EC-Council three years ago. Raya has designated 2010 as the year of innovation as its strategic direction. One of the four components of Innovation is to follow market trends and since information security is the booming trend in the IT industry, so what better way to follow our strategic direction than to host one of the major security conferences in the world here in Egypt?”

Hacker Halted is a vendor neutral knowledge sharing platform that allows participants to share their views on security, hear and learn from some of the best speakers, as well as being a great networking platform. The conference will feature some of the world’s best subject matter experts who will address the latest security technologies, threats and remediation solutions. Topics covered includes web application security, cloud computing, SCADA threats and both defensive and offensive countermeasures. With an excellent line-up of speakers, and a comprehensive agenda, it is certain that IT professionals in the region will reap plenty of benefits from attending.

“We are excited to appoint Raya Academy as co-host for the first ever Hacker Halted conference on the Africa continent. We have no doubts that this inaugural event will be a huge success. I applaud the foresight and determination of Raya Academy’s bid to host the event,” said Jay Bavisi, President of EC-Council. He adds,” The objective of Hacker Halted is to raise awareness towards increased education and ethics in information security. With Raya Academy at the helm leading this efforts in Egypt, we have full confidence that this event will soon become a mainstay in the region.”

For more information about the event, please visit http://www.hackerhalted.com/cairo2010

About EC-Council

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.

About Raya Holding

Based in Cairo, Raya Holding was established in 1999 when 7 leading IT companies in Egypt decided to merge together to create the Middle East’s largest CIT company. Raya operates mainly in four lines of business, namely information technology, contact center, trade line of business and smart buildings development. Along with its for lines of business, Raya Holding has recently expanded its portfolio by adding two new companies to its subsidiaries’ list, namely OSTOOL for land and river transport and BariQ for plastic recycling and re-manufacturing. In 2005, the company got listed in the Egypt Stock Exchange (EGX). With a number of 3000 employees, the group has branches in Saudi Arabia, the Gulf, Algeria, Nigeria and USA and caters to a customer base located almost all over the world, namely USA, Europe, Australia and the Middle East.

About Raya Academy

Responding to the market needs, Raya provides avant-garde world-class learning paths and certifications in Information Technology and Call Center industries; through an elite pool of certified trainers, Information Technology experts and management consultants. 
 
IT systems are a significant investment for almost all businesses and it is important that staff make the best use of technology. If staff is trained well on how to make the best use of the technology available, they will be more time effective and productive; hence the business will run smoothly.  When problems arise they need to be dealt with quickly and efficiently to prevent having a serious impact on day-to-day business operations.


How To Become A Hacker

Time for the Whole Nation to Become Hackers

EC-Council and Firebrand Training have teamed-up to offer a webinar that teaches you how to become an ethical hacker. With the rate of cyber attacks doubling every year, IT Security has become a valuable profession. Many in the role of Ethical Hacker now demand a six-figure salary.
The UK Government recently raised the threat-level of attacks on computer networks to ‘Tier One’ – the highest ranking possible. Testament to this, in a month of extreme spending cuts, theGovernment is to boost the Intelligence Services’ budget by £1billion, solely to tackle cyber terrorism.
The United States Department of Defence has endorsed EC-Council’s Certified Ethical Hacker course to equip its cyber-defenders across the United States for the attack on cyber crime. Jay Bavisi, President of EC-Council, explains: “From emerging markets to developed economies, governments and organizations are spending a whole lot more to train their citizens and workers so as to build sufficient capacity of information security workforce to meet increasing needs.”
For more information, please visit “http://www.yourcareerguide.co.uk/article.asp?aid=1910“.

EC-COUNCIL APPOINTS ARAB SECURITY CONSULTANTS AS NON-EXCLUSIVE DISTRIBUTOR IN EGYPT

December 1, 2010 – Albuquerque, NM – EC-Council today announced the appointment of Arab Security Consultants (ASC) as its non-exclusive distributor for Egypt. ASC, with its offices based in Cairo, is a leading information security company specialized in network security products, solutions, research and development and trainings.
By the appointment, ASC will serve as the authorized distributor of official EC-Council courseware, as well as be a training provider of EC-Council’s certification programs in Egypt.
A report released by Symantec highlighted that in 2009, for the EMEA region, Egypt was the top-ranked country for potential infections by viruses and ranked third for worms. Being a soft target for many hackers, Egypt will witness a surge in the demand for trained and certified information security professionals in the coming years.
“We are proud and excited by the appointment extremely honored to represent EC-Council in Egypt. This partnership will further enhance our position as a key player in the information security space in Egypt, and we hope that by bringing into Egypt a suite of world class training and certification programs will enhance the skills and knowledge of security professionals to adequately defend the nation’s cyber frontier,” said Dr Bahaa Hasan, Chairman of ASC.
Mr. Sean Lim, Vice President for EC-Council remarked, “The appointment of ASC will ensure a stronger presence for EC-Council in Egypt. With a team of highly driven professionals that are equally talented, we are confident that ASC is positioned for success.”