Archive for December, 2011

Anonymous withdraws Indian hack under pressure

The fledgling Indian operation of hacker group Anonymous attacked the website of the Indian army on Friday, but reversed its decision after it ran into criticism from Indian supporters who were annoyed that the Indian army was targeted.

Later on Friday, the hacker group said in a Twitter message that the Indian army site was now working fine. The new consensus appears to be not to target government websites, but only those of corrupt politicians.

The Hacker News reported that the Indian army site was down for only about an hour, according to the hackers. Indian government officials were not immediately available for comment. It is also not clear whether the Indian army or Anonymous put the website in order.

China behind recent hack attacks, says Indian government

The Times of India has accused Chinese hackers, allegedly backed by the Chinese government, of systematically attacking Indian online assets over the past 18 months. The goal of these assaults, at least according to the paper, is to map and discover weak points within India’s IT infrastructure. Such information could give China an advantage in any potential conflict, and the article implies that India has been slow to develop a retaliatory system in the event of a Chinese attack.

The degree to which the Chinese government is actually involved in these attacks is still an open question, The Times’ rhetoric notwithstanding. A continuing series of sophisticated and methodical assaults is no longer proof of another nation’s malevolent intent, even if such attacks appear to be originating in the country in question.

Appin Security multiple sites hacked and databases uploaded online

Appin Knowledge Solutions is a part of the Appin Group of Companies and the premier provider of hi-technology certification, courseware as well as online, computer-based and instructor-led training across the world. Appin is primarily an IIT Alumni company. Appin has come up with an innovative learning concept using Computer Based Training Software (CBTS) in a highly interactive environment.

We need a community of ethical hackers, says IT minister Kapil Sibal

NEW DELHI: IT minister Kapil Sibal will table a bill in the Winter Session of Parliament that will mandate all states to automate all services delivered by government. Speaking at the curtain raiser of the Third Global Cyber Security Summit in the capital, Sibal said that framing the rules for cyber security in the world will be imperative, as India looks to automate all public services.

India is hosting the third global cyber security summit in October next year. Companies such as ZTE, which are facing problems selling their telecom equipment in various markets, say aligning of cyber security rules will help them. “We need a legal framework as we are dealing with one of the best minds. We also need a community of ethical hackers, as the resource pool of them is very limited in the world,” said Sibal.

EC-Council’s CISO Executive Summit 2011 Features a Unique Format that Encourages Knowledge Sharing Among the Diverse Range of Participants

The CISO Executive Summit included over 40 prominent speakers from across industries in the government, private and public sectors who were surprised and pleased by the interactive format of the event.

December 14, 2011, Albuquerque, NM - EC-Council hosted the 1st in its Global CISO (Chief Information Security Officer) Executive Summit Series in Las Vegas, NV, on December 5-6th at the M Resort.

The CISO Executive Summit 2011 was the first of its kind to be fully comprised of panel-based discussions. Panel chairs and speakers consisted of the world’s most successful thought leaders in the Information Security (IS) industry, including executive representation from top corporations and agencies such as IBM, Motorola, Transunion, Abu Dhabi Securities Exchange (ADX), Sallie Mae, Blue Cross Blue Shield, Deloitte & Touche, SecureNet Payment Systems, U.S. Department of Treasury, U.S. Army Reserve and Department of Defense.

The mission of the CISO Executive Summit was to unite the top information security leaders across the world in the fight against cyber crime and information security threats. Today’s rapidly evolving threat landscape is posing new risks to security professionals and the organizations they protect. The panel discussions were centered on the topics most relevant to high-level Information Security leaders including managing insider threats, cloud compliancy, and structuring and managing an infosec workforce. Some of the questions addressed were:

The CISO Executive Summit 2011 successfully accomplished its mission by providing a unique platform of 13 interactive panel discussions. This setup provoked in-depth and intimate discussions about issues that are of global concern to high-level Information Security leaders. Panel speakers from the private, public, and government sectors brought an element of diversity and variety to the discussions. To view the full list of speakers, panel discussion topics and abstracts, please visit:

Jay Bavisi, President and Co-Founder of EC-Council, stated “The success of the CISO Summit is evident from the fact that so many senior executives from a vast array of organizations travelled to the EC-Council CISO Summit in the first week of December in Las Vegas. The intense industry representation and their engagement in active dialogue over today’s most pressing issues was beneficial to the industry. It was wonderful to witness the commitment shown by these individuals in seeking continuous learning and sharing.”

Tony Meholic, Chief Information Security Officer at Republic Bank, added, “The extensive knowledge and experience the speakers and audience displayed in the Information Security space was superb. I found the format to be informative and very lively. The opportunity to network with peers from various industries, government and academia was also very welcomed. These connections will provide valuable resources for discussions, questions and recommendations on current and future topics.”



“It was great to be a part of the 1st series of Global CISO Summit. I enjoyed the great panel discussions, fellowship and networking. I look forward to attending and speaking at future summits,” said Jeffrey Vinson, CISO at SecureNet LLC, of the networking and knowledge sharing opportunities presented at the CISO Executive Summit.

EC-Council will host the 2nd in the Global CISO Executive Summit Series in May 2012; the location is to be determined. A Global CISO Summit is to proceed on October 25, 2012 in Miami, FL. For upcoming EC-Council CISO Executives Summits, please go to:

Marissa Easter – Marketing Communications Specialist

About EC-Council:
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (C|CISO) as well as many other programs that are offered in over 80 countries through a global training network of more than 450 training partners. For more information on CISO certification, visit

Dangers of Online Shopping

Good Versus Evil: How to Further Protect Your Privacy on Mobile Devices and Wireless Networks

Your bank account has just been drained and the bank says that you willingly did it and there is no chance for a reversal. Well, for all purposes, you did. Your username, password and security questions were all answered correctly just prior to the transaction, but the problem is, it wasn’t you, it was the work of a hacker who gained your information through a public forum in which you had both joined the same wireless network. Can it happen? Yes it can, and it does. One party figures out how to gain information for the benefit of the consumer and the other party figures out the information for the detriment of the consumer. It’s the ongoing battle between certified ethical hackers and malicious hackers.

XSS Vulnerabilities Can Affect Embedded Browsers in Mobile Apps

A security researcher has noted that the use of embedded browsers in mobile applications can make those applications vulnerable to cross-site scripting attacks. Developers of mobile software have found it can be effective to embed a smartphone operating system’s web browser and then create their user interface using HTML, CSS and JavaScript. The user interface is then more portable to other devices and is easier to customise using CSS. But this convenience comes at a cost. Researcher Kyle Osborn, who is presenting his findings at TakeDownCon, found that some developers don’t clean the data being sent to their HTML-based user interface.

Mobile Security at TakeDownCon: Hackers Handing Out a Healthy Dose of Paranoia

Smartphones are mini-computers packed with financial and personal info, yet even though folks use their mobile devices for everything from paying bills to GPS, it’s puzzling that so many don’t consider mobile security. To ignore the need for mobile security is a bit like choosing to run a computer without any regard to security precautions. Not wise at all. Even without any malicious intent by app developers, many are not concerned about security; their apps may ask for overreaching access permissions.

Mobile and wireless security news is pouring out of TakeDownCon in Las Vegas. During the keynote presentation, Moxie Marlinspike said “mobile malware detection should be done by the app stores” and “Google has done the absolute bare minimum to secure the Android platform.” Marlinspike tweeted, “Half way through my talk at TakeDownCon this morning, I realized it included some minor Android 0day we hadn’t reported.”

New System Secures Cellphones for Web Transactions

An experimental method for two-factor authentication to websites employs mobile phones in a new way to ensure that users’ online accounts don’t get hijacked.

Called passwordless authentication (PLA), the scheme gathers authentication data over the Internet as well as carrier cellular networks and ties them together to positively identify the person trying to log in to an account, according to the author of PLA, Srikar Sagi, a security researcher.

PLA gets around some shortcomings of other scenarios in which cellphones are used in two-factor authentication. Some of these other methods have secure websites send SMS messages containing one-time passwords to cellphones for users to copy into the authentication page for the site they are logging into.