The first ever CyberLympics regional finals at Gitex Technology Week head towards the climax of the competition with some of the most skilful hackers from India and the Middle East taking part in a series of ethical challenges to attack and defend a number of software targets.
Covering web applications, OS compromise, exploit hunting, and lock picking, the event involves six teams from India, Jordan and the UAE pitted against each other to highlight the sophistication and speed of ICT security.
“It gives us great pleasure to be partnering with Gitex to host the region’s first CyberLympics finals,” said Leonard Chin, Vice Chair of the Global CyberLympics Organizing Committee. “CyberLympics involves a tremendous amount of skill and it’s a lot of fun, but it is also an excellent way to raise awareness of cybercrime. We have already seen a great attendance throughout the championship and I expect the audience will grow even more for the final day.”
As reported in FierceFinanceIT, 2011 has seen major financial and commercial companies victimized by online breaches. In an effort to beef up security, many of these companies are now turning to certified professional hackers to test and enhance security systems.
Often referred to as “ethical hacking,” it’s a phenomenon that Jay Bavisi, co-founder of the International Council of Electronic Commerce Consultants (EC-Council), says has entered into the mainstream over the last 10 years.
“In five years it will almost become mandatory. You probably need to have an [ethical hacker] that’s on your job,” Bavisi told FierceFinanceIT. Formed in 2001, the EC-Council has trained over 80,000 individuals, certified more than 30,000 IT professionals and represents 87 countries, according to the organization’s website.
On November 27 and 28, the 7th edition of H2HC (Hackers to Hackers Conference) was held at the Hotel Novotel Morumbi in São Paulo, Brazil. The conference is organized by people who work in, or are directly involved with, research and development in information security. Its main goal is to enable the dissemination, discussion and exchange of knowledge on information security among participants and among the companies involved in the event. Training and lectures were presented by respected members of the corporate world, research groups and the underground community. This year the conference demonstrated techniques that have never been seen or discussed with the public before.
New Horizons Brazil, with its technical staff and consultants, attended the event as a sponsor, offering training and presenting its networking training, information security training and the coveted EC-Council Certified Ethical Hacker training, which aims to qualify professionals to carry out non-destructive penetration testing in e-Commerce, e-Business, IT Security and other types of networks and systems.
ALBUQUERQUE, NM, Apr 15, 2010 – Infosecurity Europe, the leading cybersecurity event in Europe, has named Jay Bavisi, president and co-founder of EC-Council to lead its signature Hacker’s Panel at the London conference later this month. The panel, scheduled for April 29th, will focus on the subject of cyber warfare, from the perspective of both crime fighters and victims in order to better evaluate the threat and its financial impacts.
“I am gratified to have been named once again by Infosecurity Europe to lead this groundbreaking Hacker’s Panel,” Jay said. “This panel shall engage in one of the most interesting cybersecurity discussions to take place in Europe, and I look forward to sharing insights from the best minds in the industry on the latest threats facing the cyber community.”
Jay will serve as chairman of the Hacker’s Panel, which is to consist of several of the world’s leading hackers and cybersecurity experts. This marks the second time Jay has been chosen to lead the Hacker’s Panel at Infosecurity Europe. In addition to Jay, one participant on the Hacker’s Panel is Sean Hanna, EC-Council’s Certified Instructor, who is also the director of Nemstar Ltd. Hanna is an award-winning IT Security trainer and consultant who has served such clients as the Irish Army and international financial companies and public sector organizations in both the United Kingdom and the Republic of Ireland.
Due to the sensitivity of the subject, the remaining panel speakers will not be identified prior to the event.
Since founding EC-Council in 2002, Jay Bavisi has been a strong advocate for the adoption of better training and education standards within the IT security industries in the U.S., Europe and Asia. His organization has been instrumental in creating new industry standards for cyber security training, including Certified Ethical Hacker (CEH); Computer Hacking Forensic Investigator (CHFI); Security Analyst (ECSA); and Licensed Penetration Tester (LPT) certification. In February, EC-Council got the nod from the U.S. Department of Defense to incorporate Certified Ethical Hacker training as an option to the Pentagon’s formal training program for its information assurance workforce.
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).
EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.
For more information about EC-Council, please visit the website: www.eccouncil.org
ABOUT INFOSECURITY EUROPE
Infosecurity Europe, celebrating 15 years at the heart of the industry in 2010, is Europe’s number one Information Security event. Featuring over 300 exhibitors, the most diverse range of new products and services, an unrivalled education programme and visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe. Organised by Reed Exhibitions, the world’s largest tradeshow organiser, Infosecurity Europe is one of five Infosecurity events around the world with events also running in Belgium, Netherlands and Russia. Infosecurity Europe runs from the 27th – 29th April 2010, in Earls Court, London. For further information please visit www.infosec.co.uk
Thursday, Mar. 18, 2010
Both Butterbaugh and Bavisi say there are no concerns that military personnel trained as hackers might go rogue. “Computer network defense service providers,” Butterbaugh says, “are vetted and have security clearances.” Not only that, adds Bavisi: those trained as ethical hackers have to sign a legally binding pledge that they will not engage in malicious hacking. “So far,” he says, “we haven’t had a single case where someone became a real hacker.”
Ethical hackers gathered this week in Miami to talk about the latest cyber terrorism threats. The world of hackers is kind of like the Star Wars universe: There’s a light side and a dark side of cracking computers.
Hundreds of hackers on the side of good — or ethical hackers — gathered at the 14th Hacker Halted global conference this week, held for the first time in Miami, to talk about strategies to thwart cyber terrorists.
Ethical hackers understand how to hack a system in order to better protect against attacks, or to know where the vulnerabilities are in a program.
“A good defense is a good offense,” said Sean Arries, a security engineer at Terremark Worldwide. “If you understand your opponent and you understand how the attacker is going to attack you, then it makes it a lot easier for you to defend yourself.”
Arries gave a cautionary presentation detailing how hackers can take advantage of a vulnerability in Windows Vista and Windows Server 2008 — a gateway for hackers that Microsoft hasn’t yet patched.
Arries did a scan of 43,000 domains and found 110 of those sites were vulnerable to that exploit.
“Now 110 is quite a lot, because that becomes a staging process for an attacker to launch against other sites and internal networks,” he added.
Bloggers have been writing about this flaw for two weeks, so it wasn’t exactly news to the audience. But while going through slides filled with programming code, he warned attendees that hackers will likely launch a worm to take advantage of this flaw any day now.
“We are in a scramble state to secure our clients and customers and secure ourselves internally before this worm shows up — and it will be coming,” Arries said in an interview afterward.
Not everyone who comes to events like this is a good guy, so to speak. Talk to anyone at that conference and they believe at least some “black hat” hackers were among them in anonymity — or more likely, programmers who work in a morally gray area.
“The same techniques that you learn to protect a system are the same things people look at to break into systems,” said Howard A. Schmidt, president of the Information Security Forum. “You have the good guys trying to out-thwart the bad guys, and the bad guys going to learn from the good guys.”
In the world of hacker conferences, Hacker Halted, which ended Friday, is pretty tame compared to the DefCon and Black Hat conferences in Las Vegas.
“That’s where you get more of the black hat subculture to learn what’s going on and extract information that maybe you should or shouldn’t be privy to,” said Solutient technical trainer Ernie Campbell, who flew in from Cleveland to attend.
Malicious hackers are usually grouped into subsets.
There are the “script kiddies,” a derogatory term given to hackers who use programs to cause trouble because they don’t have the skills to write their own code. There’s also the typical movie stereotype of pale guys pounding down energy drinks in a basement full of computer screens as they wreak havoc.
“That certainly exists, but it is a small, small subculture,” said Erik Laykin, managing director of Duff & Phelps in Los Angeles and honorary chairman of the Electronic Commerce Council, which organized the conference.
The hackers that Laykin and other investigators focus on are the criminal hackers — many working out of the country — who keep coming up with ways to steal financial information.
And while these criminals work 24/7, it’s a constant job of playing catch up for the certified ethical hacker who is trying to stay on top of the latest exploits. And as people become more attached to mobile devices, cellphones will be the target down the road.
But it could be worse than that.
“Defibrillators that are implanted in people’s chests today have electronic remote sensors so they can be reprogrammed using wireless technology. That’s an early technology that’s potentially susceptible to hacking,” Laykin said.