Archive for the ‘Featured’ category


IPv6 Changes Security: Is Your Business Ready?

The Internet is running out of room and, as a result, it is about to undergo a major transition to expand the number of available addresses online. This transition is from today’s IPv4 IP protocol to the new IPv6 standard. Businesses need to know and understand this transition – because there will be new security problems in the interim period.

Even though the promise of IPv6 is one of more security, IPv4 has earned its bones over the past few decades, and we’ve familiarized ourselves with what it can and cannot do. On the other hand, we have little to no experience with IPv6 in the real world. On paper, IPv6 looks great.But, I’m sure the Titanic did too. At best, IPv6 facilitates better security, it doesn’t guarantee it.

For more information on this, please visit “http://smallbusiness.foxbusiness.com/technology-web/2011/06/14/ipv6-changes-security-is-your-business-ready/


The Case for Ethical Hacking

Government agencies and business organizations today are in constant need of ethical hackers to combat the growing threat to IT Security, says Jay Bavisi, co-founder of the EC Council.

“A lot of government agencies, professionals and corporations now understand that if you want to protect a system, you cannot do it by just locking your doors,” Bavisi says in an interview with Tom Field of Information Security Media Group [transcript below].

Bavisi, president and co-founder of the International Council of E-Commerce Consultants, created an ethical hacker standard now used by the Pentagon.

Bavisi describes an ethical hacker as someone who is “trying to figure out if they are able to protect your system and if the system has been sufficiently protected.” A certified ethical hacker needs to think and act like a hacker in order to aid an organization in its efforts to protect valuable information assets.

For more information on this, please visit “http://www.govinfosecurity.com/articles.php?art_id=3737&opg=1“.


THE DEBUT OF “HACK-IN-PARIS” IN FRANCE

Paris June 9th, 2011 – The very best of the Information Security community in Europe will gather at the Disneyland Paris Conference Center from June 14 -17 , 2011 to participate in the first Hack-In-Paris (HIP) Conference which will be followed by Nuit Du Hack on June 18, 2011. HIP will allow its attendees to understand the concrete reality of IT security consequences to companies. The program include state of the art IT security information, industrial espionage, penetration testing training, forensics, malware analysis, and countermeasures.

As collectively agreed by both its co-founders, Olivier Franchi and Paolo Pinto, “It is due to the overwhelming success of Nuit Du Hack combined with today’s higher IT industry expectations that led to the conceptualization of Hack-In-Paris this year. We have high hopes for Hack In Paris to becoming one of France’s top IT security event in the coming years”

The first two days of HIP are dedicated to trainings and the last two days (June 16-17) will be focused on both trainings and workshops. The trainings will feature two parallel tracks, presented by the two internationally recognized technical experts, Mr Fernando Got and Mr Peter Van Eackhoutle who will be speaking on Hacking IPv6 Networks, and Win32 Exploit Development respectively.

The HIP Program Board which comprises world renowned IT Security experts, have selected some of the best speakers and topics as follows:

1. Winn Schwartau : Cyberwar-4G a/k/a The Coming Smart Phone Wars.

2. Mario Heiderich: Locking the Throne Room – ECMA Script 5, a frozen DOM and the eradication of XSS.

3. Bruno Kerouanton: Be a smart CISO: Learn about people

4. Peter Van Eeckhoutte: “Project Quebec” and win32 exploit development with pvefindaddr.

5. Nicolas Grégoire: Offensive XSLT.

6. David Rook: Agnitio: the security code review Swiss army knife.

7. Flora Bottaccio and Sebastien Andrivet: Pentesting iPhone & iPad Applications.

8. Jean-Baptiste Aviat: Skirack: ROP for masses.

9. Mario Heiderich: The forbidden image – Security impact of SVG on the WWW.

10. Alain Zidouemba: A close look at rogue antivirus programs.

11.Tom Keetch: Escaping Windows Sandboxes.

“We are proud to be the exclusive certification partner for this maiden event. We applaud the efforts, and support the cause of the organizers in making this event as a platform to educate the general public about information security,” commented EC-Council’s Vice President, Sean Lim.

EC-Council certified members will get to earn 16 continuing education credits (ECE)for attending any of HIP’s 2 days trainings, and an additional16 ECE credits for attending HIP 2-days conference.

For more details about the event, please visit: http://www.hackinparis.com/home


Top Information Security Gurus to Speak at Hacker Halted 2011 in Miami

The world’s top minds in information security are set to take the stage at Hacker Halted 2011, EC-Council’s flagship information security conference, and one of the East Coast’s leading venues for information security collaboration between industry leaders and security, which will take place from October 21-27 at the InterContinental Miami.

“Hacker Halted has a penchant for gathering the best of the best, and this year is no exception,” said Leonard Chin, Director of Marketing, Conferences, and Events at EC-Council, and Conference Director for Hacker Halted USA 2011. “We have a stellar line-up of keynotes, including Bruce Schneier, George Kurtz, Philippe Courtot, and Barnaby Jack, along with a world class schedule of speakers representing the top minds in the field. We are, without a doubt, positioned as one of the leading venues of our kind on the East Coast.”

For more information on this, please visit “http://eon.businesswire.com/news/eon/20110609005311/en/hacker-halted/ec-council/information-security-conference


Rave Reviews about TakeDownCon Dallas 2011

The reviews are in from the EC-Council’s Take Down Con in Dallas a few weeks ago. We had the chance to speak to some presenters, instructors and attendees and the feedback is unanimous. The conference was a success. The conference was created to be a technical skill set leader in the field of pentesting and hacking, and it achieved that goal.

Other conferences in the security space often carry too little high level tech presentations and instruction. They often offer blanket presentations that are more geared for beginners. The few conferences out there now that are geared for the higher level security professional are very expensive and have recently received some mixed reviews, but Take Down Con blew them all away!

For more information on this, please visit “http://certified-ethical-hacker.com/2011/06/06/ec-councils-take-down-con-is-huge-success/“.


EC-Council Announces Release of CEH v7 Through EC-Council’s Online Training Platform

CEH v7 is now available in EC-Council’s flexible online platform as well as on mobile devices such as Apple’s iPad2.

EC-Council’s training division; iClass has announced this week that they are officially rolling out the latest version of EC-Council’s world famous flagship certification program; CEH v7.

“We are excited to offer the most compressive, self-paced, online training program for the Certified Ethical Hacker (CEH) program to date” said Eric Lopez, EC-Council’s Director of Online Learning. Mr. Lopez went onto say, “This version is going to redefine the way that the industry looks at IT certification courses. Not only has EC-Council designed a brand new, innovative format for their CEH v7 course materials, but we have also released a live, online ‘Hacking Lab’ to give students a safe ‘sandbox’ environment where they can practice real life hacking scenarios.

Along with the flexible, comprehensive, online lectures, we have also bundled the certification exams and additional bonus ‘Instructor Cut’ lab demonstrations into the program!”

Lastly, Mr. Lopez finished by saying, “If that isn’t enough, we have the capability to load the streaming video lectures onto mobile devices such as Netbooks, iPods, and iPad2s so that busy, working professionals can take their CEH v7 training to go!“

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. EC Council is the owner and developer of the world-famous E-Council Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Tester (LPT) programs, and various others offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, and the US Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS) certifying EC-Council’s Certified Ethical Hacking (CEH), Network Security Administrator (ENSA), Computer Hacking Forensics Investigator (CHFI), Disaster Recovery Professional (EDRP), Certified Security Analyst (E|CSA) and Licensed Penetration Tester (LPT) certification program for meeting the 4011, 4012, 4013A, 4014, 4015 and 4016 training standards for information security professionals. For more information about EC-Council, please visit http://www.eccouncil.org

About iClass
EC Council launched iClass in December of 2008 to augment the training that is offered by their network of Authorized Training Partners. iClass started out as a live, online, instructor-led delivery format that offers EC-Council’s hacking certifications in day and evening courses, but the division has grown to include self paced, online training as well as mobile training on iPods, iPads and Netbooks. (www.iclass.eccouncil.org) For more information about CEH v7, please visit http://iclass.eccouncil.org/index.php?option=com_content&view=article&id=69&Itemid=102


EC-Council Calls for Security Vigilance with IPv6 Transition

June 8th is World IPv6 Day and it’s a key opportunity for network security analysts, CSOs and other information security professionals to begin planning for their organizations’ transition from IPv4 to IPv6 – and consider the security issues that may develop.

“With the transition to IPv6 comes a host of security concerns, since a change from IPv4 to IPv6 means a change to the very protocol that drives the Internet,” said Jay Bavisi, president and co-founder of EC-Council. “Among other things, the larger address space and mandatory cryptographic functionality of IPv6, in theory, makes it a significant advancement over IPv4. However, IPv6 is not without its problems, and the real test is how well this theoretical superiority will translate into practical benefit.”

For more information on this, please visit “http://www.prweb.com/releases/2011/6/prweb8534812.htm


eSecurity Planet: What Security Issues Does IPv6 Pose?

First things first, IPv6 is a welcomed advancement, but no panacea. Before we even reach the technical security concerns of IPv6, we have to migrate to it first, and this migration may pose some of the biggest security challenges we’ve faced.

Changing from IPv4 to IPv6 means messing with the veins and arteries of the Internet itself. When bridging and transitioning between IPv4 and IPv6, you’re not just considering the specific set of security issues associated with either one you’re considering the security aspects of both. This greatly increases the potential for attacks many of which will be the result of poor, flaw-ridden implementations or misconfigured systems.

For more information on this, please visit “http://www.esecurityplanet.com/features/article.php/3935356/What-Security-Issues-Does-IPv6-Pose.htm“.


Network World: Cyber war sabers rattle across the globe

A formal Pentagon cyber strategy may define which acts of digital sabotage constitute acts war that warrant conventional military retaliation, but cases clear-cut enough to justify such retaliation may be few and far between, experts say.

The problem is attribution – identifying that an attack comes from the government of another sovereign state so its assets can be attacked, they say.

“The U.S. military is setting itself up for failure because attribution is difficult, and it’s easy to spoof your identity thereby falsely implicating the wrong government or group,” says Jay Bavisi, president of EC-Council, an international cyber security education body. “A military attack could be misplaced, as a result, but at the same time not responding will now be seen as a sign of weakness.”

For more information on this, please visit “http://www.networkworld.com/news/2011/060611-cyberwar.html“.


Closing Ceremony for Global Launch of Certified Ethical Hacker Version 7

Cyber attacks are becoming increasingly frequent and efficient, and constantly making the headlines, from financial fraud to data breaches. With Certified Ethical Hacker Version 7, corporations and government agencies are able to boost their cyber security expertise, allowing them to evolve right along with the latest threats.

EC-Council Academy is proud to have been chosen as one of the 35 selected EC-Council training partners, out of hundreds globally, to launch the CEH v7 training class. Delegates of this training course were among the first to receive hands-on training for CEH v7’s newest contributions:

Numerous private corporations and government agencies were represented by the delegates of this training class, including KOMLEK, Sapura Secured Technologies, Royal Malaysia Police, MIMOS Berhad, and the Ministry of Human Resources. MD. Taha Ayub, Chief Information Security Officer at Sapura Secured Technologies, said, “The knowledge gained from CEH v7 is something I can use directly at work, every day, and it’s a great benchmark for our security’s current state of health.”

CEH is an accepted standard for the United States Department of Defense, via DoD 8570.01-M, Change 2. Directive 8570 sets the baseline requirements for government employees performing information assurance (IA) functions within the Department of Defense workforce. CEH, including its latest version 7, cover this directive’s requirements for Computer Network Defense Service Providers (CND-SP) at the analyst, infrastructure support, incident responder, and auditor levels.

“CEHv7 is the most advanced, real-world specific and comprehensive training program to date for the ethical hacker,” said Jay Bavisi, president and co-founder of EC-Council. “For those professionals who complete the training program, they will walk away with advanced knowledge and training tactics against real-world hackers and become stronger network defenders at their companies and institutions.”

A closing ceremony was held to celebrate the first global launch of CEH v7 training. After completion of the 5-day training class, in which delegates completed the version 7 exam and were officially granted the title of Certified Ethical Hacker, Senior Engineer Syed Mohd Noor Khairuldin, of Mimos Bhd., said, “CEH v7 is proven and practical. It’s real hacking!”

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at www.eccouncil.org.