Archive for June, 2011

IT Security Breaches Reinforce the Need for Advanced Security Training

Training is a minuscule investment compared to a potentially massive financial loss and irreparable damage to a company’s reputation. For training to be effective, it has to teach security personnel how to think like a malicious hacker in order to stop one.

The list of recently compromised companies just keeps growing, with names like Sony, Lockheed Martin, RSA Security, Citigroup, the IMF, the US Senate and, most recently, SEGA, with 1.3 million users potentially affected. There seems to be no end to the storm in sight. As technology evolves there will be more features and more complexity, which may expose more vulnerabilities for perpetrators to exploit.

“If companies ever needed justification for investing more in advanced and technical security training, then the onslaught of attacks we’ve seen over the past couple of months are it,” said Jay Bavisi, president and co-founder of EC-Council, creator of the Department of Defense Directive 8570-approved Certified Ethical Hacker (CEH) program. “Today’s attackers are clever enough to launch sophisticated attacks, but if there’s a simple, common vulnerability to exploit, they’ll be on it. Security professionals must be able to match them, step for step, by staying abreast of all attack methodologies, from the everyday, routine attacks to the specific, complex attacks.”


IPv6 Changes Security: Is Your Business Ready?

The Internet is running out of room and, as a result, is about to undergo a major transition to expand the number of available addresses online: from today’s IPv4 protocol to the new IPv6 standard. Businesses need to know and understand this transition, because there will be new security problems in the interim period.

Even though the promise of IPv6 is one of more security, IPv4 has earned its bones over the past few decades, and we’ve familiarized ourselves with what it can and cannot do. On the other hand, we have little to no experience with IPv6 in the real world. On paper, IPv6 looks great. But I’m sure the Titanic did too. At best, IPv6 facilitates better security; it doesn’t guarantee it.


The Case for Ethical Hacking

Government agencies and business organizations today are in constant need of ethical hackers to combat the growing threat to IT security, says Jay Bavisi, co-founder of EC-Council.

“A lot of government agencies, professionals and corporations now understand that if you want to protect a system, you cannot do it by just locking your doors,” Bavisi says in an interview with Tom Field of Information Security Media Group.

Bavisi, president and co-founder of the International Council of E-Commerce Consultants, created an ethical hacker standard now used by the Pentagon.

Bavisi describes an ethical hacker as someone who is “trying to figure out if they are able to protect your system and if the system has been sufficiently protected.” A certified ethical hacker needs to think and act like a hacker in order to aid an organization in its efforts to protect valuable information assets.



Paris, June 9th, 2011 – The very best of the information security community in Europe will gather at the Disneyland Paris Conference Center from June 14-17, 2011 to participate in the first Hack-In-Paris (HIP) conference, which will be followed by Nuit Du Hack on June 18, 2011. HIP will give attendees a concrete understanding of what IT security failures mean for companies. The program includes state-of-the-art IT security information, industrial espionage, penetration testing training, forensics, malware analysis, and countermeasures.

As collectively agreed by both its co-founders, Olivier Franchi and Paolo Pinto: “It is the overwhelming success of Nuit Du Hack, combined with today’s higher IT industry expectations, that led to the conceptualization of Hack In Paris this year. We have high hopes for Hack In Paris becoming one of France’s top IT security events in the coming years.”

The first two days of HIP are dedicated to trainings, and the last two days (June 16-17) to the conference talks and workshops. The trainings run as two parallel tracks presented by two internationally recognized technical experts, Fernando Gont and Peter Van Eeckhoutte, covering Hacking IPv6 Networks and Win32 Exploit Development respectively.

The HIP Program Board, which comprises world-renowned IT security experts, has selected the following speakers and topics:

1. Winn Schwartau : Cyberwar-4G a/k/a The Coming Smart Phone Wars.

2. Mario Heiderich: Locking the Throne Room – ECMA Script 5, a frozen DOM and the eradication of XSS.

3. Bruno Kerouanton: Be a smart CISO: Learn about people

4. Peter Van Eeckhoutte: “Project Quebec” and win32 exploit development with pvefindaddr.

5. Nicolas Grégoire: Offensive XSLT.

6. David Rook: Agnitio: the security code review Swiss army knife.

7. Flora Bottaccio and Sebastien Andrivet: Pentesting iPhone & iPad Applications.

8. Jean-Baptiste Aviat: Skirack: ROP for masses.

9. Mario Heiderich: The forbidden image – Security impact of SVG on the WWW.

10. Alain Zidouemba: A close look at rogue antivirus programs.

11. Tom Keetch: Escaping Windows Sandboxes.

“We are proud to be the exclusive certification partner for this maiden event. We applaud the efforts, and support the cause, of the organizers in making this event a platform to educate the general public about information security,” commented EC-Council’s Vice President, Sean Lim.

EC-Council certified members earn 16 continuing education credits (ECE) for attending either of HIP’s two-day trainings, and an additional 16 ECE credits for attending the two-day HIP conference.

Top Information Security Gurus to Speak at Hacker Halted 2011 in Miami

The world’s top minds in information security are set to take the stage at Hacker Halted 2011, EC-Council’s flagship information security conference and one of the East Coast’s leading venues for collaboration between industry leaders and security professionals. The event takes place from October 21-27 at the InterContinental Miami.

“Hacker Halted has a penchant for gathering the best of the best, and this year is no exception,” said Leonard Chin, Director of Marketing, Conferences, and Events at EC-Council, and Conference Director for Hacker Halted USA 2011. “We have a stellar line-up of keynotes, including Bruce Schneier, George Kurtz, Philippe Courtot, and Barnaby Jack, along with a world class schedule of speakers representing the top minds in the field. We are, without a doubt, positioned as one of the leading venues of our kind on the East Coast.”


Rave Reviews about TakeDownCon Dallas 2011

The reviews are in from EC-Council’s TakeDownCon in Dallas a few weeks ago. We had the chance to speak to presenters, instructors and attendees, and the feedback is unanimous: the conference was a success. It was created to lead on technical skills in the field of pentesting and hacking, and it achieved that goal.

Other conferences in the security space often carry too few high-level technical presentations and too little hands-on instruction, offering instead blanket presentations geared toward beginners. The few conferences aimed at the more advanced security professional are very expensive and have recently received mixed reviews, but TakeDownCon blew them all away.


EC-Council Announces Release of CEH v7 Through EC-Council’s Online Training Platform

CEH v7 is now available on EC-Council’s flexible online platform as well as on mobile devices such as Apple’s iPad 2.

EC-Council’s training division, iClass, announced this week that it is officially rolling out the latest version of EC-Council’s flagship certification program, CEH v7.

“We are excited to offer the most comprehensive, self-paced, online training program for the Certified Ethical Hacker (CEH) program to date,” said Eric Lopez, EC-Council’s Director of Online Learning. Mr. Lopez went on to say, “This version is going to redefine the way that the industry looks at IT certification courses. Not only has EC-Council designed a brand new, innovative format for its CEH v7 course materials, but we have also released a live, online ‘Hacking Lab’ to give students a safe ‘sandbox’ environment where they can practice real-life hacking scenarios.

Along with the flexible, comprehensive, online lectures, we have also bundled the certification exams and additional bonus ‘Instructor Cut’ lab demonstrations into the program!”

Lastly, Mr. Lopez finished by saying, “If that isn’t enough, we have the capability to load the streaming video lectures onto mobile devices such as netbooks, iPods, and iPad 2s so that busy, working professionals can take their CEH v7 training to go!”

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. EC-Council is the owner and developer of the Certified Ethical Hacker (C|EH), Computer Hacking Forensic Investigator (C|HFI), EC-Council Certified Security Analyst (E|CSA) and Licensed Penetration Tester (L|PT) programs, among others, offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies, including the US Federal Government via the Montgomery GI Bill, and the US National Security Agency (NSA) and the Committee on National Security Systems (CNSS), which have certified EC-Council’s Certified Ethical Hacker (C|EH), Network Security Administrator (E|NSA), Computer Hacking Forensic Investigator (C|HFI), Disaster Recovery Professional (E|DRP), Certified Security Analyst (E|CSA) and Licensed Penetration Tester (L|PT) programs as meeting the 4011, 4012, 4013A, 4014, 4015 and 4016 training standards for information security professionals.

About iClass
EC-Council launched iClass in December 2008 to augment the training offered by its network of Authorized Training Partners. iClass started out as a live, online, instructor-led delivery format offering EC-Council’s hacking certifications in day and evening courses, but the division has grown to include self-paced online training as well as mobile training on iPods, iPads and netbooks.

EC-Council Calls for Security Vigilance with IPv6 Transition

June 8th is World IPv6 Day, and it’s a key opportunity for network security analysts, CSOs and other information security professionals to begin planning their organizations’ transition from IPv4 to IPv6 and to consider the security issues that may develop.

“With the transition to IPv6 comes a host of security concerns, since a change from IPv4 to IPv6 means a change to the very protocol that drives the Internet,” said Jay Bavisi, president and co-founder of EC-Council. “Among other things, the larger address space and mandatory cryptographic functionality of IPv6, in theory, makes it a significant advancement over IPv4. However, IPv6 is not without its problems, and the real test is how well this theoretical superiority will translate into practical benefit.”


eSecurity Planet: What Security Issues Does IPv6 Pose?

First things first: IPv6 is a welcome advancement, but no panacea. Before we even reach the technical security concerns of IPv6 itself, we have to migrate to it, and that migration may pose some of the biggest security challenges we’ve faced.

Changing from IPv4 to IPv6 means messing with the veins and arteries of the Internet itself. When bridging and transitioning between IPv4 and IPv6, you’re not just considering the specific set of security issues associated with either one; you’re considering the security aspects of both at once. A dual-stack host exposes every service on both protocols, and firewall rules, access lists and monitoring written for IPv4 say nothing about IPv6 traffic. This greatly increases the potential for attacks, many of which will be the result of poor, flaw-ridden implementations or misconfigured systems.
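One practical check that follows from the dual-stack point above is a parity audit: compare what a host listens on over each protocol family against the inbound ports each family’s firewall actually allows. The script below is an added example written for this page, not code from eSecurity Planet or EC-Council. The `ss -ltn`-style socket listing and the two allowed-port sets are constructed sample data, and the firewall model (a set of explicitly allowed inbound ports per family, default deny) is a simplification of a real ruleset.

```python
"""Dual-stack exposure audit (added example, not from the original article).

Flags two common IPv4-to-IPv6 transition mistakes on a single host:
  * v6_wider_bind: a service bound to loopback only on IPv4 but to every
    interface on IPv6 (daemons default to [::] more often than admins expect)
  * policy_gap:    a port externally reachable on one family and allowed by
    the other family's firewall, but absent from this family's rules
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `ss -ltn` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*
LISTEN 0      511    [::]:80             [::]:*
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*
LISTEN 0      128    [::]:3306           [::]:*
LISTEN 0      128    [::1]:6379          [::]:*
"""

# Constructed firewall policies: inbound ports explicitly allowed per family.
# The v6 side was never updated after the web server was opened up on v4.
V4_ALLOWED_PORTS = {22, 80}
V6_ALLOWED_PORTS = {22}

# "[::]:22" (bracketed IPv6) or "0.0.0.0:22" (bare IPv4), then the port.
_LOCAL_RE = re.compile(r"^(?:\[(?P<v6>[^\]]+)\]|(?P<v4>[^:]+)):(?P<port>\d+)$")


def parse_listeners(ss_text):
    """Return [(port, ipaddress object)] for every LISTEN line in ss-style output."""
    listeners = []
    for line in ss_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue  # header line or non-listening socket
        match = _LOCAL_RE.match(parts[3])
        if not match:
            continue  # forms such as '*:22' from other tools are out of scope
        addr = ipaddress.ip_address(match.group("v6") or match.group("v4"))
        listeners.append((int(match.group("port")), addr))
    return listeners


def _externally_reachable(addr):
    """A bind is reachable off-host unless it is loopback; :: and 0.0.0.0 count."""
    return not addr.is_loopback


def audit_dual_stack(ss_text, v4_allowed, v6_allowed):
    """Return findings as (port, kind, message), sorted by port."""
    reachable = {4: defaultdict(bool), 6: defaultdict(bool)}
    for port, addr in parse_listeners(ss_text):
        fam = addr.version
        reachable[fam][port] = reachable[fam][port] or _externally_reachable(addr)

    allowed = {4: set(v4_allowed), 6: set(v6_allowed)}
    findings = []
    for port in sorted(set(reachable[4]) | set(reachable[6])):
        if reachable[6][port] and not reachable[4][port]:
            findings.append((port, "v6_wider_bind",
                             f"port {port} is loopback-only on IPv4 but reachable on IPv6"))
        for fam, other in ((4, 6), (6, 4)):
            if (reachable[fam][port] and port not in allowed[fam]
                    and port in allowed[other]):
                findings.append((port, "policy_gap",
                                 f"port {port} reachable on IPv{fam} and allowed on "
                                 f"IPv{other}, but no IPv{fam} rule covers it"))
    return findings


if __name__ == "__main__":
    for port, kind, message in audit_dual_stack(
            SAMPLE_SS_OUTPUT, V4_ALLOWED_PORTS, V6_ALLOWED_PORTS):
        print(f"[{kind}] {message}")
```

On the constructed data the audit reports port 80 as a policy gap on IPv6 and port 3306 as a wider IPv6 bind; port 22 is consistent on both families and 6379 is loopback-only, so neither is flagged. On a real host, feed it the output of `ss -ltn` and derive the allowed sets from the v4 and v6 rulesets.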


Network World: Cyber war sabers rattle across the globe

A formal Pentagon cyber strategy may define which acts of digital sabotage constitute acts of war that warrant conventional military retaliation, but cases clear-cut enough to justify such retaliation may be few and far between, experts say.

The problem is attribution: identifying that an attack comes from the government of another sovereign state, so that its assets can be attacked in return, they say.

“The U.S. military is setting itself up for failure because attribution is difficult, and it’s easy to spoof your identity thereby falsely implicating the wrong government or group,” says Jay Bavisi, president of EC-Council, an international cyber security education body. “A military attack could be misplaced, as a result, but at the same time not responding will now be seen as a sign of weakness.”
