Archive for September, 2011


Top Scoring U.S. Cyber Challenge Cyber Quests Winners Gain Entry to EC-Council’s Global CyberLympics Ethical Hacking Championship

The U.S. Cyber Challenge (USCC) and the International Council of E-Commerce Consultants (EC-Council) today announced the recipient of a seat at the Global Cyberlympics, an international team ethical hacking competition. Chad Weber, a sophomore at Vermont Technical College, earned admission to Cyberlympics by scoring first place in the USCC Cyber Quests, a national competition focused on testing participants’ ability to identify and interpret web application attacks.

Nearly 500 students from more than 160 schools across 43 states registered for Cyber Quests III, which concluded on September 15. A number of post-graduates and professionals participated as well. The second place winner was Ben Toews, a graduate of DePaul University in Illinois. Third place winner was Dan Borges, a senior at East Stroudsburg University in Pennsylvania. Winners were determined based on who achieved the highest score in the shortest amount of time. The complete scoreboard of participants is available online.

“I’m very excited at having won this competition, and very thankful for all of the opportunities that the USCC has provided to me,” said Weber.

In addition to providing a seat at the CyberLympics, the EC-Council also sponsored prizes for the first, second and third place winners that include EC-Council’s flagship Certified Ethical Hacker (CEH) v7 training, Security+ training library by Element K, official courseware by EC-Council Press, exam vouchers and passes for Hacker Halted, TakeDownCon and CAST cyber security conferences.


New Certification on the Block – EC Council’s C|CISO

Over the years there has been a lot of ink spilled, keys clicked and blood shed over the morass of information security-related professional certifications that have popped up across the landscape like proverbial weeds in the garden.

Like the story of Goldilocks and the porridge – “This one’s too technical”, “that one’s not technical enough” – “ah, this one’s just right”.  And some would argue that holders of certain “gold-standard” certifications are not necessarily security-savvy.  The rhetoric goes on and on and on.

From my perspective, certifications are analogous to a college degree.  There are incredibly smart and capable people that do and do not have degrees.  There are no guarantees when it comes to a person’s knowledge, experience, and capabilities.

However, if one does have a college degree it reflects that some commitment had been made by the individual to study and earn the degree. And depending on the quality of the school and program, one would expect there has been some standard of study attained as part of their chosen course of study.

Likewise, pursuing professional certifications reflects one’s commitment to earning the certification, adhering to some standard or body of knowledge that is the foundation for the certification, and typically maintaining the certification by renewal/retesting or continuing education requirements.

This leads me to EC Council’s new C|CISO – Certified Chief Information Security Officer certification. I have been following EC Council’s C|EH – Certified Ethical Hacker certification since its inception.


EC-Council Warns SMEs of Rising Cyber Attacks Across the Globe

In light of increasing hacker sophistication and lack of banking security infrastructure, small and medium enterprises (SMEs) across the world may face a bleak future if they do not secure their networks against upcoming cyber threats which are on the rise, says network security training expert EC-Council.

Cyber criminals are stealing as much as $1 billion a year from the accounts of small to medium companies (SMEs) in the United States and Europe, according to estimates from Dell SecureWorks, a security arm of the computer maker. With rising incidences of hacking and other such network defence issues, network defence expert EC-Council advises SMEs to educate their employees on good information security practices and habits.

According to a recent Bloomberg report, overseas gangs target small commercial accounts protected by rudimentary security measures at community or regional banks. The accounts typically aren’t covered by fraud insurance, as individual accounts are, and businesses often find themselves held accountable by the banks for their losses.

Owners of SMEs conventionally face the challenge of having to be a jack of all trades, combining a keen knowledge of their core businesses with a basic knowledge of many other specialised fields such as IT Security.


EC-Council Issues Warning on Possible Death by Wireless Security Breach

Global Information Security Certification Institution EC-Council issued stern warnings about a lack of wireless security implemented by medical device manufacturers, after the American House Energy and Commerce Committee expressed concern about regulating the wireless security of medical devices.

Albuquerque, NM (PRWEB) September 22, 2011

Manufacturers of medical devices need to tread carefully when implementing wireless technologies such as Bluetooth in their equipment, says EC-Council, a leading global information security expert. In high-risk industries such as healthcare, the smallest innocuous mistake may often turn fatal.

At the recent 2011 Black Hat hacker conference in Las Vegas, security researcher and Type 1 diabetic Jerome Radcliffe demonstrated the vulnerabilities of his own wireless insulin pump and glucose meter by disrupting its operations through electronic interference. Although there was no real harm done, it was a clear example of how susceptible life-sustaining devices were to external influence.

This shocking demonstration showed a lack of awareness of such medical wireless security risks among legislators in the country, raising alarm among the members of the House Energy and Commerce Committee. Soon after, Democratic Representatives Anna Eshoo and Ed Markey sent letters of concern to the Government Accountability Office, asking for a review of the safety screening policies of the Federal Communications Commission.

Jay Bavisi, the president of EC-Council, says, “The time for the industry to take wireless security seriously is long overdue.” He pointed out that although the medical industry had made great progress in new advancements such as adopting wireless technology, the security aspect of such emerging technologies was not sufficiently catching up.


Cryptanalysis Training a Possible Solution to Deter Cloud Computing Hackers

Cloud computing looks set to become the next big thing, but security concerns mar its adoption as the United States gets ready to pump US$53 billion into fourth-generation networks over the next five years. EC-Council offers cutting-edge solutions such as cryptography courses and cryptanalysis training for individuals with security concerns over emerging key technologies.

New York City, NY (PRWEB) September 22, 2011

Amazon, Microsoft, and Sony are examples of just some companies that have recently made headlines for all the wrong reasons, having had their cloud computing efforts breached by unethical hackers. EC-Council, an international information security certification body, reports that without proper infrastructure and cryptanalysis training, usage of cloud computing may never be a fully secure platform for individuals or businesses.

Jay Bavisi, the President of EC-Council, says that even though general cloud architecture is relatively secure, it is easy for irreparable damage to be done to online stored data once the first layer of security is breached by an intruder.

Cloud-based services require an operation and management method similar to enterprise systems, demanding well-encrypted data with secure physical locations. With cloud services, every piece of data is stored on a physical hard drive or in solid state memory. This data is thus accessible to anyone with an Internet connection, further highlighting the importance of secure protection.


Northumbria offers Certified Ethical Hacker qualification

From this September Ethical Hacking for Computer Security students at Northumbria University’s School of Computing, Engineering and Information Sciences (CEIS) will be receiving two qualifications for the price of one.

Budding computer security experts will study the International Council of E-Commerce Consultants (EC-Council) Certified Ethical Hacker programme as part of their degree, receiving a separate professional qualification from the Council. Better yet, Northumbria University will be the first UK institution to offer the qualification for no extra cost to students.

The EC-Council is a member-based organisation that certifies individuals in various e-business and information security skills. It offers a range of programmes in over 60 countries through a training network of more than 450 training partners globally. Individuals who have achieved EC-Council certifications include those from some of the finest organisations around the world such as the US Army, the FBI, Microsoft, IBM and the United Nations.

The certification will provide a boost to the CVs of all of the course’s new and current students, with those starting their final year in September the first to qualify. Normally costing around £3,000 to study separately, the inclusion of this certification within the programme’s fees provides a welcome added value to the students.


IT Giants Expand Efforts in Developing Security Infrastructure for Cloud Computing and Mobile Usage

The markets for malware are expanding at a rapid pace, says digital forensic training expert EC-Council. As such, major security plans to address privacy concerns are being green-lit across various platforms for mobile devices and cloud computing.

Technology companies are ramping up their efforts to curb malware and other undesirable software, in an effort to keep hackers from affecting profits from the lucrative mobile market. This shows the emphasis being placed on mobile forensics as a solution, and how knowledge of mobile operating systems can help both companies and end-users prevent unnecessary data interference, says Jay Bavisi, the President of EC-Council.


CISO Certification Seen as First Step in Assuring Network Data Protection

Cyber attacks across the world are increasing in both frequency and intensity, says information security expert EC-Council. Such attacks are able to cripple organisations in a single blow, a consequence that cannot be ignored by any business strategy due to the lack of protection afforded by current legal frameworks.

From the hacking of companies such as Google and Sony to the FBI’s recent investigations of leaked photos of celebrities, the Information Age of the 21st century has progressed relentlessly, with security concerns constantly trying to catch up. This is why EC-Council has introduced its CISO Certification, a first-of-its-kind certification that recognises an individual’s accumulated skills in developing and executing an information security management strategy in alignment with organisational goals, says Jay Bavisi, the President of EC-Council.

According to Symantec, cybercrime costs global businesses, governments, and others an estimated $114 billion every year. Strong technical knowledge and network security experience are now more important than ever, but this knowledge must be accompanied by the ability to effectively communicate these security issues in a corporate setting.

There was thus a need for certification as a designation of executive leaders who could address the emerging threats to information security by developing and maintaining a tough information security strategy. EC-Council has done so, introducing the CISO Certification programme for chief information security officers.

“CISO is a unique designation that has been designed in cooperation with industry leaders to identify a solid blend of functional and executive IT job roles and skill requirements”, says Bavisi.
This recognition is necessary in an era where even legal frameworks struggle to regulate and restrict the spread of information online. Such security is particularly crucial in industries such as banking and finance, where any minor error would result in massive monetary losses.

Even efforts to develop authentication for financial transactions have the added risk of gathering and storing even more personal information, said Marc Rotenberg, president of the Electronic Privacy Information Center.

“In our view, none of the current legal frameworks provide adequate safeguards for consumers, bank customers, depositors, and others who provide personal information to obtain financial services”, Rotenberg says.

In the absence of legal protection for information security, companies can rely on CISO certifications when hiring potential chief information security officers, or simply use it as a training course to enhance the skill of current employees.

Contact:

Justyna La Pay – Associate Marketing Director (justyna.lapay(at)eccouncil(dot)org)

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organisation that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), as well as many other programs that are offered in over 60 countries through a global training network of more than 450 training partners. For more information on CISO certification, visit http://www.eccouncil.org/ciso


Dutch Team Emerge as European Champions for the Global CyberLympics Hacker Competition and Head to the World Finals in 2012!

Global CyberLympics (http://cyberlympics.org), the world’s first international team ethical hacking championships, kicked off on Sep 18 with the European Championships being held in Budapest. The team formed by Deloitte Netherlands came up tops after a grueling contest with other teams, and earned the prestigious accolade of being the first CyberLympics European Champions. They will now represent Europe in the world finals in 2012.

Sep 21, 2011, ALBUQUERQUE, NM – The Global CyberLympics, endorsed by the cybersecurity executing arm of the United Nations, held its first of the championships series in Budapest, alongside Hacktivity – touted as the largest hacker conference in Central and Eastern Europe. There were more than 1000 people from across Europe attending the event.

Conceived by EC-Council, the Global CyberLympics is supported by the International Multilateral Partnership Against Cyber Threats (IMPACT), the cybersecurity executing arm of the United Nations’ specialized agency – the International Telecommunications Union (ITU). This is a series of ethical hacking games comprised of both offensive and defensive security challenges. Teams will vie for the regional championships, followed by a world finals round to determine the world’s best ethical hacking team. EC-Council is sponsoring over $400,000 worth of prizes at the CyberLympics.

“The Global CyberLympics could help to foster a greater sense of partnership and cooperation between countries on the issue of cybersecurity,” said Mohd Noor Amin, Chairman of IMPACT. “By sharing knowledge, training and resources, we can help to improve the level of cybersecurity in many countries and regions around the world.”

“Congratulations to the team from Deloitte Netherlands! Our purpose with the Global CyberLympics initiative is to help establish true cybersecurity partnerships across borders,” said Jay Bavisi, Chairman of the Global CyberLympics Organizing Committee and president of EC-Council. “We are very honored to have this initiative supported by key players in the information security community, including IMPACT, the cybersecurity executing arm of the United Nations, events such as GITEX, the largest IT tradeshow in the Middle East region, and Hacktivity, the largest hackers conference in central and eastern Europe.”

“The CyberLympics presents a unique set of challenges that puts competing teams through a real life environment which includes offensive hacking strategies but also deploying defensive capabilities to prevent being hacked. This approach makes the CyberLympics stand out from other cyber games elsewhere,” said Steven Raspe, captain of the Deloitte Netherlands team, named Hack.ers. “It is an honor to be among the first to participate in, and to win this championship. We are looking forward to representing Europe at the World Finals of the CyberLympics in 2012.”

The games come at a crucial time as global cyber threats appear to be escalating. According to the U.S. Cyber Consequences Unit, the annual loss of intellectual property and investment opportunities is $6 to $20 billion as a result of hacking. In a recent article about cyber espionage attacks against the US, the magazine Vanity Fair even referred to 2011 as “the Year of the Hack.”

Following up next will be the regional championships for Middle East and India, to be held at GITEX, heralded as one of the largest and most important ICT events around the globe.

The CyberLympics world final is tentatively scheduled for the first quarter of 2012, with its venue still being decided.

iSight Partners’ Threatspace platform is the Official Technology Partner of the Global CyberLympics 2011-12.

Registration for the Global CyberLympics is open, and more details can be found at the official Global CyberLympics website: http://www.cyberlympics.org.

For media and partnership enquiries, please contact: Leonard Chin, Vice Chair – Global CyberLympics Organizing Committee: leonard [at] cyberlympics.org.

ABOUT EC-COUNCIL:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT) certification. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members.
EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at www.eccouncil.org.


EC-Council Launches Advanced Security Training Series in Thailand and Singapore

EC-Council Academy and the Center of Advanced Security Training (CAST) launch the first CAST “Live” advanced security training series across Thailand and Singapore. This series will feature two highly advanced and technical three-day workshops developed by CAST.

BANGKOK, THAILAND, 19 SEPTEMBER 2011: With escalating cyber incidents and threats being reported over the past months, and the increasing demand for more technically competent professionals to defend the cyberspace, EC-Council Academy announced that it is launching the first CAST “Live” Asia Roadshow. This series will bring two highly advanced and technical three-day CAST workshops to Thailand and Singapore.

The Center of Advanced Security Training (CAST) was developed to provide highly technical and advanced security training to IT security professionals, to address the rapid evolution of new threats, vulnerabilities and exploits. CAST programs are designed to be domain-specific and focused, with greater emphasis on hands on lab exercises, so as to enable participants to experience combating real life scenarios.

According to Wilson Wong, Managing Director of EC-Council Academy, CAST “Live” Asia Roadshow will give infosec professionals the opportunity to learn from some of the best industry practitioners, and acquire cutting edge skills and knowledge, in order to be technically proficient so as to stay ahead of cyber criminals.

The two programs featured during this roadshow are the Advanced Network Defense (CAST 614) and Cryptography Deep Dive (CAST 615).

The Cyber Defense Expert program focuses on the paradigm of thinking like a hacker in order to defend against threats with an offensive mindset by learning how to build robust infrastructure in the face of sophisticated attacks. This highly technical workshop will be led by Kevin Cardwell, who spent 22 years in the U.S. Navy, and had tested and evaluated Surveillance and Weapon system software. He worked as both software and systems engineer on various US Department of Defense projects, and was selected to head the team that built a Network Operations Center (NOC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean. He served as the Leading Chief Information Security Officer at the NOC for six years before hanging up his hat from the U.S. Navy. During this time he was the leader of a five-person Red Team that had a 100% success rate at compromising systems and networks.

Cryptography Deep Dive is designed to further enhance the understanding of cryptography and how it’s used in modern systems, from SSL-based e-commerce, online banking, to hard drive and e-mail encryption and at the same time learn cryptanalytic techniques for breaking cryptographic protocols. Some causes of recent reported high-profile breaches such as the RSA and Epsilon incidents include poor cryptography practices and understanding. This advanced workshop will be led by Chuck Easttom, author of 11 computer science books, one of which had been translated into several languages. Chuck is also the inventor of a method for quantifying network security that is being taught at several universities, and most recently has developed a new approach to creating ghost drives. He has taught various security related courses for several years and has over 10 years of teaching experience. Chuck has 7 provisional patents, all related to computer science and 4 related to computer security. One of those patents regards a new method of steganography, another regards a new approach to detecting spyware, and yet another involves the invention of a new, more stable file system.

For more details of the CAST “Live” Asia Roadshow, and the online live training sessions, please visit www.eccouncilapac.org/cast

ABOUT CAST:

The Center for Advanced Security Training (CAST) was developed by EC-Council (www.eccouncil.org), in conjunction with cybersecurity experts, to address the need for highly technical and advanced security training for information security professionals. Instructed by EC-Council’s select group of master trainers, CAST offers hands-on, lab intensive courses that cover the security industry’s top domains, including advanced penetration testing training, digital mobile forensics training, advanced application security training, advanced network defense training, advanced social engineering training, Web application security training, and more. CAST is hosted at various international events, including the CAST Summit, as well as EC-Council’s flagship Hacker Halted conference series. More information about CAST is available at http://www.eccouncil.org/training/advanced_security_training.aspx.

ABOUT EC-COUNCIL ASIA PACIFIC:
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at www.eccouncilapac.org/cast