Archive for October, 2011


Hacker Halted Miami: EC Council’s Jay Bavisi

Jay Bavisi is the Co-Founder and President of EC-Council, a global Leader in Information Security Education, Training, and Certification.

The EC-Council is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT) programs, as well as many other programs, which are offered in over 60 countries through a training network of more than 450 training partners globally.

With 27 infosec-facing certifications in all, ECC’s direct interest is in supporting the global need for Security Certified Professionals in the realm of Ethical Hacking among many other domains.

EC-Council has trained over 80,000 individuals and certified more than 30,000 security professionals. Many of these certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).

The United States Department of Defense has included the CEH program in its Directive 8570, making it one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP).

EC-Council organizes the Hacker Halted conferences, featuring some of the best infosec superstars including Bruce Schneier (Internationally acclaimed security guru), Wolfgang Kandek (CTO – Qualys), Jeremiah Grossman (CTO – WhiteHat Security), George Kurtz (Global CTO – McAfee), Dr. Charlie Miller (Accuvant), Moxie Marlinspike, Barnaby Jack and many others.

There were a total of more than 70 speakers this year, and a very comprehensive agenda covering the major hot topics surrounding information security across 4 dedicated tracks.

Infosec Island was proud to be a media partner for this epic event.


Insulin pumps, other medical devices vulnerable to computer hackers

MIAMI — The special pumps used by hundreds of thousands of diabetes patients are vulnerable to computer hackers, who could make them deliver fatal doses of insulin, security researchers say.

Insulin pumps — like many other medical devices and hundreds of other everyday objects from cars to TVs and refrigerators — are vulnerable because they are controlled by computer chips that can be remotely programed via a wireless connection.

“I can issue [the insulin pump] any command I like,” McAfee security researcher Barnaby Jack told The Washington Times. “I can keep [it] dispensing [insulin] until the pump is empty.”

A typical pump reservoir contains about 300 units of insulin. Although exact doses vary among patients depending on body weight and other factors, 10 units would be enough to send someone to the hospital, and 20 units would kill most people. Read more…


Ethical Hacking Scholarship Recipient Announced to Equip Tomorrow’s IA Leaders with Skills to Lead Organizations’ Security Posture

The need for IT skilled professionals has never been greater as cyber threats and breaches increase at rapid speeds. In meeting the strong demand for highly educated information security professionals, EC-Council announces the recipient of a full Ethical Hacking Scholarship that will provide superior Information Assurance (IA) education. In addition, EC-Council University will award fifty applicants a Cyber Security Fellowship that will cut tuition costs in half.

October 24, 2011 Albuquerque, NM – Today, EC-Council University (ECU) awards the full-ride, $17,000 Ethical Hacking Scholarship to Mr. Kris Gairola. Gairola, an experienced IT Security Specialist, holds a bachelor’s degree in Information Systems and Operations Management from George Mason University along with several industry certifications, including EC-Council’s Certified Ethical Hacker (C|EH).

“We are extremely excited to award this scholarship to such an impressive applicant, and are looking forward to working with him as he develops his executive level IT and management competencies through the Master of Security Science (MSS) program,” says Dr. Kim Freeland, Dean of ECU, but adds that “It was a difficult decision to make due to the extensive pool of well-qualified applicants who submitted applications to be considered for the scholarship. Congratulations, Kris!”

Completion of the Masters of Security Science will provide Kris with the tools necessary to lead an organization regardless of its size in combating the ever-growing cyber threat. The MSS program will lay the foundation for lifelong learning and teach students, like Kris, how to grow, research, and adapt with the agility required to lead an organization’s complete security posture. MSS faculty are professionals who possess years of experience in the field of IT security and are considered experts by their peers. Faculty instruction, combined with their professional experience in IA, supports students as they work to apply various cyber security and management theories to real-world situations.

In addition to awarding the Ethical Hacking Scholarship, ECU is presenting fifty (50) Cyber Security Fellowships to well-qualified applicants who are looking to advance their careers in the ever-growing industry of information assurance. The Cyber Security Fellowship reduces tuition fees by fifty percent.

With cyber-security attacks on the rise, it is evident that the need for highly trained IT security professionals will increase. A report released by the Government Accountability Office states that there have been 24 key agencies reporting Federal Cyber Security incidents, which is a 650 percent increase over the last five years. The Help Net Security magazine also reports that the number of critical vulnerabilities has tripled in 2011 and this led to the declaration of 2011 as the “Year of the Security Breach.” The Government Accountability Office suggests that the increase in the number of security incidents reported is due to a number of weaknesses with regard to how security is being implemented. Additional research and follow-up show a lack of improvement, which furthers the issue. The lack of adequate training given to authorized personnel assisting in the monitoring of cyber security leaves businesses susceptible to attacks.

EC-Council University operates with the goal of meeting these industry needs by producing skilled IT and management innovators who will be the information assurance leaders of tomorrow. As organizations look for ways to safeguard their networks from cybercriminals, graduates will be there to provide solutions.

The Master’s of Security Science program solidifies a symbiotic blend of executive leadership and tactical information security and infosec leadership skills by educating individuals in industry leading technologies and skills, executive leadership, psychology, management and ethics. Focusing on topics like “inside the hackers mind,” “ethical hacking”, and even “global leadership” provides a very unique skill set arming the graduate with the tools, knowledge, and ability to lead effectively against advanced persistent threats such as individually motivated hacktivists, state sponsored organizations, even organized crime exploiting digital technologies.

ABOUT EC-COUNCIL UNIVERSITY:

EC-Council University is a leading provider of information security education and training to professionals in the security and military fields, and post-graduate students. It is the developer of the ‘Master of Security Science,’ a 100 percent online degree program designed to provide students with a solid foundation in information security. The MS information security course is suitable for students with a wide range of previous security experience. The MSS program is offered online, enabling students to access classes from any location in the world and at any time. The University also offers several certifications, including Information Security Professional, IT Analyst, Digital Forensics and Executive Information Assurance, IT Disaster Recovery Certifications. Website: http://www.eccuni.us


CICRA, EC-Council sponsor first-ever Hacking Challenge and Information Security Quiz

CICRA Institute of Education in association with the International Association of Electronic Commerce Consultants (EC-Council), USA is sponsoring the first-ever Hacking Challenge and Information Security Quiz in Sri Lanka.

Each member of the winning team of the Hacking Challenge and the Information Security Quiz will receive a free training voucher to follow the globally recognized, prestigious but expensive Certified Ethical Hacker (C|EH) training programme at the state-of-the-art computer laboratory at the CICRA Institute of Education in Colombo. Read more…


Indian Team Emerge as Regional Champions of the Global Cyberlympics Competition held at GITEX, Dubai

Global CyberLympics (http://cyberlympics.org), the international team ethical hacking championships, held its first Middle East and India championships in Dubai, at GITEX. Teams from UAE, Jordan and India qualified for the regional championships, which included, for the very first time, two all-female teams. At the end of 3 days of intense competition, team Ctrl+Alt+Del from Deloitte Hyderabad India emerged as regional champions.

Dubai, UAE (PRWEB) October 14, 2011

The Global CyberLympics, endorsed by the cybersecurity executing arm of the United Nations, held its first Middle East and India regional championships at GITEX in Dubai, UAE.

Conceived by EC-Council, the Global CyberLympics is supported by the International Multilateral Partnership Against Cyber Threats (IMPACT), the cybersecurity executing arm of the United Nations’ specialized agency – the International Telecommunications Union (ITU) and endorsed by the Telecommunications Regulatory Authority (TRA) of the UAE. This is a series of ethical hacking games comprised of both offensive and defensive security challenges. Teams will vie for the regional championships, followed by a world finals round to determine the world’s best ethical hacking team. EC-Council is sponsoring over $400,000 worth of prizes at the CyberLympics.

The games come at a crucial time as global cyber threats appear to be escalating. According to the U.S. Cyber Consequences Unit, the annual loss of intellectual property and investment opportunities is $6 to $20 billion as a result of hacking. In a recent article about cyber espionage attacks against the US, the magazine Vanity Fair even referred to 2011 as “the Year of the Hack.”

“Congratulations to the team from Deloitte Hyderabad India! Our purpose with the Global CyberLympics initiative is to help establish true cybersecurity partnerships across borders,” said Jay Bavisi, Chairman of the Global CyberLympics Organizing Committee and president of EC-Council. “We are very honored to have this initiative supported by key players in the information security community, including IMPACT, the cybersecurity executing arm of the United Nations, and also appreciative to GITEX, one of the 3 largest ICT exhibitions in the world, for being such good hosts.”

Majed Almesmar, TRA’s deputy director general, said during a press conference: “Proceeding from our belief in the importance of providing a safe cyber environment for UAE Internet users, we are glad to sponsor and support the Global CyberLympics Middle East Championships held during Gitex Technology Week. We believe that such events will help us uncover new talents and ideas in the field of information security, as well as contribute to raising global awareness on such issues and foster partnerships within information technology field among the nations of the globe.”

Following up next will be the regional championships for North America, to be held at Hacker Halted Miami on Oct 25; South America, to be held at H2HC in São Paulo on Oct 30; and Asia Pacific, to be held at Hacker Halted Kuala Lumpur on Nov 15. The CyberLympics world final is tentatively scheduled for the first quarter of 2012, with its venue still being decided.

Registration for the Global CyberLympics is open, and more details can be found at the official Global CyberLympics website: http://www.cyberlympics.org.

For media and partnership enquiries, please contact: Leonard Chin, Vice Chair – Global CyberLympics Organizing Committee: leonard [at] cyberlympics.org.

ABOUT EC-COUNCIL:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members.

EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at http://www.eccouncil.org.


TRA and EC-Council Launch a Nationwide Educational Campaign on Cyber Security and Internet Safety at Gitex

The Telecommunications Regulatory Authority (TRA), represented by the National Computer Emergency Response Team (aeCERT), and the International Council of E-Commerce Consultants (EC-Council) launched a nationwide campaign aiming to educate students on cyber security and the risks of improper use of the internet. aeCERT also endorsed the ‘Global CyberLympics’ initiative.

The Global CyberLympics is an annual series of team-based cyber security games, with regional championships across different continents, concluding with a world finals championship. The Global CyberLympics Middle East Championships will host the most skilled white hat hackers from the region, and the top two teams will represent the region to compete in the world finals championship in 2012. This not-for-profit initiative will create a platform through which information and expertise can be exchanged to support the information security sector in the region.

In his opening statement during the press conference, H.E. Majed Almesmar, TRA Deputy Director General said, “Proceeding from our belief in the importance of providing a safe cyber environment for UAE Internet users, we are glad to sponsor and support the Global CyberLympics Middle East Championships held during GITEX Technology Week. We believe that such events will help us uncover new talents and ideas in the field of information security, as well as contribute to raising global awareness on such issues and foster partnerships within information technology field among the nations of the globe.” Read more…


Hackers compete in global Cyberlympics Championship at Gitex

The first ever CyberLympics regional finals at Gitex Technology Week head towards the climax of the competition with some of the most skilful hackers from India and the Middle East taking part in a series of ethical challenges to attack and defend a number of software targets.

Covering web applications, OS compromise, exploit hunting, and lock picking, the event involves six teams from India, Jordan and the UAE pitted against each other to highlight the sophistication and speed of ICT security.

“It gives us great pleasure to be partnering with Gitex to host the region’s first CyberLympics finals,” said Leonard Chin, Vice Chair of the Global CyberLympics Organizing Committee. “CyberLympics involves a tremendous amount of skill and it’s a lot of fun, but it is also an excellent way to raise awareness of cybercrime. We have already seen a great attendance throughout the championship and I expect the audience will grow even more for the final day.”



Technical IT Security Conference To Discuss Stuxnet Proliferation and SCADA Security

Stuxnet and SCADA security will be discussed at this year’s Hacker Halted USA, October 25-27 in Miami, Florida. The premier east coast information security conference is devoting an entire track to SCADA and Critical Infrastructure threats and will provide presentations from leading industry experts and a panel discussion on Stuxnet proliferation moderated by The Washington Times security reporter Shaun Waterman. More information can be found at http://www.hackerhalted.com

Miami, FL (PRWEB) October 03, 2011

Hacker Halted USA, the technical information security conference organized by EC-Council that will take place in Miami this fall, has created a focused forum to discuss issues of SCADA and Critical Infrastructure security. The emergence of the Stuxnet worm in 2010 was a major turning point in the history of cyberwar. Stuxnet, the world’s most sophisticated cyber weapon to date (at least, that we know of), was designed for the express purpose of physically disabling an Iranian nuclear power plant – an event rarely seen on the world stage.

According to the W32.Stuxnet Dossier released by Symantec in February 2011, Stuxnet is a threat that was primarily written to target an industrial control system or set of similar systems. Industrial control systems are used in gas pipelines and power plants. Its final goal is to reprogram industrial control systems (ICS) by modifying code on programmable logic controllers (PLCs) to make them work in a manner the attacker intended and to hide those changes from the operator of the equipment.

The Washington Times security reporter Shaun Waterman will be moderating a Hacker Halted panel discussion on October 26 entitled, “SCADA Hacking: The Proliferation of Weapons for the Next World War.” This panel, with experts Jonathan Pollet, Tiffany Rad, Matthew Luallen and others, will discuss the potential cyber war implications of the Stuxnet worm – specifically, how it is at risk of being reproduced by other national governments, organized crime, hacktivists and others. As Waterman notes, now that Stuxnet has got the attention of the global computer security community, ingenious hackers – some with no background at all in ICS/SCADA – have been able to devise effective attacks against SCADA systems. The panel discussion will seek to answer key questions about the open source availability of SCADA attacks, how industrial operators can protect themselves and what the government’s role should be in safeguarding US SCADA systems.

Due to the significance of the Stuxnet threat and more SCADA vulnerabilities being uncovered, this IT security conference is devoting an entire conference track to examining the latest security risks and flaws in SCADA, and the risk of proliferation of Stuxnet-like worms, from the industry’s top minds.

In addition to Shaun Waterman’s SCADA panel discussion, Hacker Halted USA will also showcase several cutting-edge presentations from key experts in the field such as:

New SCADA Attacks – APT, Night Dragon and Stuxnet – Everybody is Kung Fu Fighting & DIY SCADA Security – Learn How to Build Your Own SCADA Defense Solutions – by Jonathan Pollet.
SCADA and PLC Vulnerabilities In Correctional Facilities – by Tiffany Rad, Teague Newman and John Strauchs.
SCADA Dismissal Or Bang-Bang SCADA (A new tool will be revealed in the talk) – by Yaniv Miron.
Control System Cybersecurity Training Kit (Live Demonstration) – by Matthew E. Luallen.
SCADA Security – Why Is It So Hard – by Amol Sarwate.
New Cyber Warfare Targets – SCADA Systems – by Robert M. Lee.

The full program and agenda of Hacker Halted USA 2011 can be found HERE.

Hacker Halted USA, EC-Council’s flagship information security conference and a leading East Coast venue for cybersecurity research announcements, takes place from October 21-27 at the InterContinental Miami. Hacker Halted provides four days of information security training, October 21-24, followed by a three-day conference, October 25-27, of keynotes, panel discussions, presentations and demos from the world’s foremost experts in cybersecurity – including Bruce Schneier, George Kurtz, Charlie Miller, Jeremiah Grossman, Barnaby Jack, Dino Dai Zovi, Moxie Marlinspike, Philippe Courtot, Jeff Bardin, and more.

For more information on Hacker Halted USA 2011, visit the website at http://www.hackerhalted.com/2011

Contact:
Leonard Chin
Conference Director
leonard [at] eccouncil.org

ABOUT HACKER HALTED:
Hacker Halted is EC-Council’s premier global information security conference series, dedicated to raising international awareness towards increased education and ethics in information security. Hacker Halted is a vendor neutral platform that provides CXOs and senior IT security professionals with the opportunity to assess best practices in acquiring, implementing, managing, and measuring information security. Hacker Halted provides EC-Council certification training, including the renowned Certified Ethical Hacker (CEH) program (a recently accepted certification of DoD Directive 8570.01M Change 2). Since 2004, Hacker Halted has been held in Miami, Myrtle Beach, Kuala Lumpur, Singapore, Dubai, Mexico City, Cairo, Taipei, Guangzhou, and Tokyo. More information about Hacker Halted is available at http://www.hackerhalted.com.