Archive for the ‘In the News’ category


Hack the Hackers 2012

Hack the Hackers 2012
Sofia, Bulgaria

On June 7th, 2012 New Horizons Bulgaria hold Hack the Hackers 2012 – a free seminar with live hacking demos, organized exclusively to promote EC-Council and CEH in Bulgaria.

The event was led by EC-Council top trainer Sean Hanna, who was in Bulgaria to deliver the third CEH training for New Horizons’ clients.

We managed to get Sofia University – the largest and most prestigious university in Bulgaria – to partner and sponsor the event. They provided us with a 300 seat auditorium, situated in the center of Sofia.

Official media partner of the event was Kaldata.com – the leading Bulgarian site for software, hardware and IT news, with over 1,500,000 unique monthly visitors.

Hack the Hackers was once again greatly supported by EC-Council, which was announced as the exclusive certification partner of the event. Hanan Wagie, Senior Director – EMEA, provided us with free 3 CEHv7 digital courseware and 3 iLabs, and arranged an exclusive interview with EC-Council President Jay Bavisi.

The campaign started on May 4th with the launch of Hack the Hackers website and two days later we got 300 registrations! Not a single euro was spent on advertising – an email invitation to our newsletter subscribers and a press release were just enough to spread the word.

Hack the Hackers event was attended by more than 250 onsite and 60 online participants. Many of them work for high-profile companies from the following sectors: Finance, Telecommunications, Information Technologies, Public Administration, Energy, and Manufacturing.

Sean presented the topic Client Side Hacking – Targeting the User, and demonstrated Cracking wireless WPS with Reaver, Remote Code Execution Buffer Overflow, Social engineering with SET and DNS Spoofing). At the end of the seminar two CEH vouchers were awarded to: Lazar Sestrimski, developer at Haemimont LTD, and Vlado Treneski, CISO at Interakcija.

The event got media coverage by Bulgaria’s most popular TV channel (bTV), and a number of online media (Kaldata, Saga Technology, itForum, Info Week, etc.).

Difficulties: Despite the venue was glorious and in a perfect location, we experienced difficulties with the university administration, such as organizational problems, voice echo and lack of technical support.

Next steps:

1. Promotion of EC-Council Secure Computer User Specialist program, in response to growing interest in security issues among non-IT people.

2. Promotion of EC-Council Certified Hacking Forensic Investigator program to raise awareness about collecting digital evidences.

 

To read more please click HERE


Gurgaon Teaches To Hack Ethically

A number of institute offering ethical hacking courses have come up in the city to meet the rising demand of ethical hackers among companies which are gearing up to protect their information from threats, says Mamta Sharma. Gurgaon being a corporate hub has not been unaffected by cyber criminals having seen an alarming increase […]

To read more please click HERE


EC-Council Achieves ANSI 17024 Accreditation for Its Certified Ethical Hacker (CEHv8) Certification

EC-Council’s Certified Ethical Hacker (CEHv8) certification program receives the American National Standards Institute (ANSI) Personnel Certification Accreditation. To become certified, an organization must undergo stringent quality reviews and assessments. EC-Council is one of the few organizations that specialize in information security (IS) to earn the accreditation.

Albuquerque, NM, March 7, 2012 – Today EC-Council announces that it has been accredited by the American National Standards Institute (ANSI) to meet the ANSI/ISO/IEC 17024 Personnel Certification Accreditation standard for its Certified Ethical Hacker (CEHv8) certification. EC-Council is one of a handful of certification bodies, whose primary specialization is information security, to be awarded this much sought-after quality standard.

“ANSI commends EC-Council for meeting the rigorous requirements of the ISO/IEC 17024 standard and joining the elite group of organizations that have achieved this distinction” said Dr. Vijay Krishna, ANSI senior manager of personnel certification accreditation programs. “This achievement highlights EC-Council’s commitment to offering a high quality certification program. The ANSI accreditation process is designed to increase the integrity, confidence, and mobility of certified professionals and creates value for all the stakeholders including certification holder, employer, public, and regulatory authorities.”

The American National Standards Institute (ANSI) is a private non-profit organization that administers and coordinates the U.S. voluntary standardization and conformity assessment system. It is the sole representative of both the International Organization for Standardization (ISO) and the International Electro-technical Commission (IEC) in the United States. ANSI is the only personnel certification accreditation body in the United States to meet nationally accepted practices for accreditation bodies. The ANSI/ISO/IEC 17024 standard addresses the general requirements for certification entities.

In order to award the accreditation, ANSI conducted a verification process to ensure that EC-Council is impartial and objective as a certification body. It also confirmed that EC-Council’s certification process is conducted in a consistent, comparable, and reliable manner. This process required rigorous quality reviews of EC-Council and the Certified Ethical Hacker (CEHv8) certification program.

Jay Bavisi, Co-Founder and President of EC-Council commented, “Achieving ANSI 17024 reflects not only our commitment to quality but, equally important, our approach to continuously improve as a learning organization to ensure that EC-Council is much more agile, efficient, and strategically fit for the future.”

A Certified Ethical Hacker (C|EH) is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). Since its creation in 2003, the Certified Ethical Hacker has certified over thirty thousand individuals and has become the global de facto leader in certifying IS professionals.

EC-Council has been recognized for its highly popular CISO certification and for its certifications in the field of computer forensic, penetration testing and network security globally.

Bavisi added, “We have worked hard for over 2 years to meet the stringent requirements of ANSI 17024 standard. We have scrutinized and challenged every aspect of EC-Council certification activities and operations. This has resulted in significant improvements to both what we do and how we will do it. This benchmark of excellence will give our customers even more confidence in the quality of our certification”.

Contact:
Marissa Easter- Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council:
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 100,000 security professionals and certified more than 50,000 infosec professionals. Its certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico, USA. More information about EC-Council is available at www.eccouncil.org.

About ANSI:
The American National Standards Institute (ANSI) is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system. Its membership is comprised of businesses, professional societies and trade associations, standards developers, government agencies, and consumer and labor organizations. The Institute represents the diverse interests of more than 125,000 companies and organizations and 3.5 million professionals worldwide.

The Institute is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC), and is a U.S. representative to the International Accreditation Forum (IAF).


Anonymous withdraws Indian hack under pressure

The fledgling Indian operation of hacker group Anonymous attacked the website of the Indian army on Friday, but reversed its decision after it ran into criticism from Indian supporters who were annoyed that the Indian army was targeted.

Later on Friday, the hacker group said in a Twitter message that the Indian army site was now working fine. The new consensus appears to be not to target government websites, but only those of corrupt politicians.

The Hacker News reported that the Indian army site was down for only about an hour, according to the hackers. Indian government officials were not immediately available for comment. It is also not clear whether the Indian army or Anonymous put the website in order. Read more…


China behind recent hack attacks, says Indian government

The Times of India has accused Chinese hackers, allegedly backed by the Chinese government, of systematically attacking Indian online assets over the past 18 months. The goal of these assaults, at least according to the paper, is to map and discover weak points within India’s IT infrastructure. Such information could give China an advantage in any potential conflict, and the article implies that India has been slow to develop a retalitory system in the event of a Chinese attack.

The degree to which the Chinese government is actually involved in these attacks is still an open question, The Times’ rhetoric notwithstanding. A continuing series of sophisticated and methodical assaults is no longer proof of another nation’s malevolent intent, even if such attacks appear to be originating in the country in question. Read more…


Appin Security multiple sites hacked and databases uploaded online

Appin Knowledge Solutions is a part of Appin Group of Companies and the premier provider of hi- technology certification, courseware as well as online, computer based and instructor led training across the world. Appin is primarily an IIT Alumni company. Appin has come up with the way of innovative learning concept using Computer Based Training Software (CBTS) in a highly interactive environment.


We need a community of ethical hackers, says IT minister Kapil Sibal

NEW DELHI: IT minister Kapil Sibal will table a bill in the Winter Session of Parliament that will mandate all states to automate all services delivered by government. Speaking at the curtain raiser of Third Global Cyber Security Summit in the capital, Sibal said that framing the rules for cyber security in the world will be imperative, as India looks to automate all public services.

India is hosting the third global cyber security summit in October next year. Companies such as ZTE, which are facing problems selling their telecom equipments in various markets, say aligning of cyber security rules will help them. “We need a legal framework as we are dealing with one of the best minds. We also need a community of ethical hackers, as the resource pool of them is very limited in the world,” said Sibal. Read more…


Good Versus Evil: How to Further Protect Your Privacy on Mobile Devices and Wireless Networks”

Your bank account has just been drained and the bank says that you willingly did it and there is no chance for a reversal. Well, for all purposes, you did. Your username, password and security questions were all answered correctly just prior to the transaction, but the problem is, it wasn’t you, it was the work of a hacker who gained your information through a public forum in which you had both joined the same wireless network. Can it happen? Yes it can, and it does. One party figures out how to gain information for the benefit of the consumer and the other party figures out the information for the detriment of the consumer. It’s the ongoing battle between certified ethical hackers and malicious hackers. Read more…


XSS Vulnerabilities Can Affect Embedded Browsers in Mobile Apps

A security researcher has noted that the use of embedded browsers in mobile applications can make those applications vulnerable to cross site scripting attacks. Developers of mobile software have found it can be effective to embed a smartphone operating system’s web browser and then create their user interface using HTML, CSS and JavaScript. The user interface is then more portable to other devices and is easier to customise using CSS. But this convenience comes at a cost. Researcher Kyle Osborn, who is presenting his findings at TakedownCon, found that some developers don’t clean the data being sent to their HTML-based user interface.  Read more…


Mobile Security at TakeDownCon: Hackers Handing Out a Healthy Dose of Paranoia”

Smartphones are mini-computers packed with financial and personal info, but even though folks can use their mobile devices for everything from paying bills to GPS, it’s a bit confusing when wondering why folks don’t consider mobile security. To ignore the need for mobile security is a bit like choosing to run a computer without any regard to security precautions. Not wise at all. Even without any malicious intent by app developers, many are not concerned about security; their apps may ask for overreaching access permissions.

Mobile and wireless security news is pouring out of TakeDownCon in Las Vegas. During the keynote presentation, Moxie Marlinspike said “mobile malware detection should be done by the app stores” and “Google has done the absolute bare minimum to secure the Android platform.” Marlinspike tweeted, “Half way through my talk at TakeDownCon this morning, I realized it included some minor Android 0day we hadn’t reported.”  Read more…