Posts Tagged With ‘Information Security Updates’


New System Secures Cellphones for Web Transactions

An experimental method for two-factor authentication to websites employs mobile phones in a new way to ensure that users’ online accounts don’t get hijacked.

Called passwordless authentication (PLA), the scheme gathers authentication data over the Internet as well as carrier cellular networks and ties them together to positively identify the person trying to log in to an account, according to the author of PLA, Srikar Sagi, a security researcher.

PLA gets around some shortcomings of other scenarios in which cellphones are used in two-factor authentication. Some of these other methods have secure websites send SMS messages containing one-time passwords to cellphones for users to copy into the authentication page for the site they are logging into.


Researcher demos threat of “transparent” smartphone botnets

In a presentation at TakeDownCon in Las Vegas today, security researcher Georgia Weidman demonstrated how malware on smartphones could be used to create smartphone “botnets” that could be used in the same way as PC botnets, providing hackers with a way to insert code between the operating system’s security layers and the cell network. In an interview with Ars Technica, Weidman said that the approaches used by Carrier IQ developers to create phone monitoring software could be adopted by hackers as well to create botnets that could silently steal users’ data, or send data without users’ knowledge. “From what I’ve seen in Carrier IQ, they just didn’t think about what they were going to do,” Weidman said. “But malware writers are going to take advantage of those techniques.”


Google Earth, other mobile apps leave door open for scripting attacks

In the rush to create mobile apps that work across the leading smartphones and tablets, many developers have leaned heavily on web development tools and use embedded browsers as part of their packaged applications. But security researchers have shown that relying on browser technology in mobile apps—and even some desktop apps—can result in hidden vulnerabilities in those applications that can give an attacker access to local data and device features through cross-site scripting.

At today’s TakeDownCon security conference in Las Vegas, researcher Kyle Osborn will present some examples of cross-site scripting attacks that he and colleagues have discovered on mobile devices. “XSS is generally considered to be a browser attack,” Osborn said in an interview with Ars Technica. But many applications, he said, such as those built with cross-platform mobile-development tools like PhoneGap, use HTML rendering to handle display of data. If applications aren’t properly coded, it’s possible for JavaScript or other web-based attacks to be injected into them through externally-provided data. “Often, there are times when you can just make a JavaScript request and pull files from the local filesystem,” he said.


TakeDownCon Las Vegas Hosts Leading Industry Experts on Mobile Threats

As mobile and wireless devices and technology slowly become ubiquitous in our daily lives, their security is an area we cannot afford to ignore. TakeDownCon Las Vegas will be the platform where critical issues surrounding mobile and wireless security are discussed and debated.

December 1, 2011 – Top ethical hackers from across the US will unveil the latest threats to mobile devices at next week’s TakeDownCon security conference in Las Vegas. TakeDownCon is the highly technical IT Security conference series designed by EC-Council that first launched this May in Dallas.

“The focus of TakeDownCon Las Vegas is on mobile and wireless security and we have assembled an all-star cast of leading cybersecurity minds who will be presenting cutting-edge vulnerabilities from mobile cross-site scripting to smartphone botnets, mobile application exploits and Android viruses,” said Leonard Chin, Conference Director for TakeDownCon. “Mobile devices pose one of the most significant and growing threats to corporate IT security and our speakers will be addressing a number of critical security management issues that are highly relevant for today’s businesses.”


As The Threat of Security Breaches Escalates to All Time Highs Across International Borders, EC-Council Announces Its 1st Series of Global CISO Executive Summits

Today’s cyber threats are not limited to a specific industry or country, but are infiltrating industries across the world on a grand scale. Leaders of information security must come together and set a course to discover ways to overcome these challenges.

November 30, 2011 Albuquerque, NM – EC-Council has announced a new Global CISO Executive Summit Series. The CISO Executive Summit 2011 is the first of the series and will be held from December 5-6, 2011 at The M Resort in Las Vegas, NV. The mission of the CISO Executive Summit is to unite the top information security leaders across the world in the fight against cyber crime and information security threats.

Jay Bavisi, President of EC-Council, states the reason behind the Global CISO Executive Summit Series is that, “Knowledge transfer and exchange has always been a challenge for organizations. Our intent for this exclusive and high-level event is distinctly clear – it is to create a platform to facilitate effective knowledge exchange, where the information security threats and landscape evolution are being discussed and debated.”

The need for a platform designed specifically for top information security executives to gather and share information has never been greater, as industry professionals have called 2011 the “Year of Security Breaches.” According to Shawn Davis, FBI Executive Assistant Director, a company that recently became a victim of a security breach lost over $1 billion and 10 years’ worth of research and development virtually overnight. The surge in security breaches has heightened awareness across industries and led to increased involvement of information security executive management. EC-Council’s Global CISO Executive Summit Series will connect top industry professionals across the world and create an arena for knowledge sharing and discussion.

EC-Council has designed the CISO Executive Summit 2011 as a panel-based event to encourage dialogue on the industry’s most recent topics, trends, and best practices. The event will feature over 40 prominent speakers from the private, public, and government sectors. To view a complete list of speakers, please visit http://www.eccouncil.org/cisosummit. Due to the nature of the discussions that will take place, this will be a closed-door event open only to senior information security executives (C-levels, VPs, Senior Directors, etc.).
The CISO Executive Summit will provide a platform for:

Knowledge Sharing: Sharing best practices and knowledge to overcome the challenges that the industry presents today so that leaders are prepared to defend tomorrow.

Networking: Networking with the industry’s leading security professionals and developing the support that will help design, develop and manage the most effective information security strategy for organizations.

Shaping the Future: Sharing knowledge and experience with colleagues to develop a global Summit format with a focus on international information security concerns.

The EC-Council CISO Executive Summit will be a forum to explore IT Security, privacy and risk and compliance issues such as:

For more information or to register, visit http://www.eccouncil.org/cisosummit.

Contact:

Marissa Easter – Marketing Communications Specialist (marissa.easter@eccouncil.org)

About EC-Council:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), as well as many other programs that are offered in over 60 countries through a global training network of more than 450 training partners. For more information, visit http://www.eccouncil.org


EC-Council organizes first Global CyberLympics in Malaysia

The world’s first ethical hacking championship ever organized in the country is supported by CyberSecurity Malaysia, and its CEO, Lt Col (R) Prof Dato’ Husin Jazri, is also appointed as the Chairman of the Technical Advisory Board for the Asia Pacific Championships. The mission behind the Global CyberLympics (http://cyberlympics.org) is to foster better cooperation and communication on cybersecurity issues among countries.

Kuala Lumpur, Malaysia – CyberSecurity Malaysia, the national cyber security specialist center, and an agency under the Ministry of Science, Technology and Innovation (MOSTI) Malaysia, is supporting the Global CyberLympics, a new initiative by the EC-Council to foster stronger international cooperation on information security issues and to improve cybersecurity training and awareness in developing nations and third world countries.

Created by EC-Council, the Global CyberLympics is a series of ethical hacking games comprised of both offensive and defensive security challenges that will take place starting from September across six continents. Teams will vie for regional championships, followed by a global championship round to determine the world’s best cybersecurity team. EC-Council is sponsoring over $400,000 worth of prizes at the CyberLympics.

“We support the mission of Global CyberLympics in fostering a greater sense of partnership and cooperation between countries on issues pertaining to cybersecurity,” said Lt Col (R) Prof Dato’ Husin Bin Jazri, CEO of CyberSecurity Malaysia. “By sharing knowledge, training and resources, we can help to improve the level of cybersecurity among individuals, organizations and companies around the world.”

“Our purpose with the Global CyberLympics initiative is to help establish true cybersecurity partnerships across borders,” said Jay Bavisi, Chairman of the Global CyberLympics Organizing Committee and president of EC-Council. “We are very proud and honored for this initiative to be supported by key players in the information security community, including CyberSecurity Malaysia, as well as some of the most reputable events such as GITEX, one of the third largest IT tradeshow globally, and Hacktivity, the largest IT security conference in central and eastern Europe.”

He adds, “We are also pleased that the CEO of CyberSecurity Malaysia has accepted the appointment as Chair of the Technical Advisory Board for the Asia Pacific Championships. This role will be instrumental in charting the technical directions of the Games for the Asia Pacific region.”

The EC-Council’s mission with the Global CyberLympics is to unify global cyber defense through the games, along with the following objectives:

The upcoming Asia Pacific Regional championships will be held at Hacker Halted Asia Pacific, hosted in Kuala Lumpur from Nov 15-17.

For media and partnership enquiries, please contact:  Leonard Chin, Vice Chair, Global CyberLympics Organizing Committee: leonard [at] cyberlympics.org.

 

ABOUT EC-COUNCIL:

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst/Licensed Penetration Tester (ECSA/LPT) certification. EC-Council has trained over 90,000 security professionals and certified more than 45,000 members.
EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at www.eccouncil.org.

 

ABOUT CYBERSECURITY MALAYSIA:

CyberSecurity Malaysia is the national cyber security specialist centre. The Government has gazetted the role of CyberSecurity Malaysia as an agency under the Ministry of Science, Technology and Innovation (MOSTI) that provides ICT security specialist services and continuously monitors threats to national security.

Among the services by CyberSecurity Malaysia:

More information at www.cybersecurity.my


Hacker Halted Miami: EC Council’s Jay Bavisi

Jay Bavisi is the Co-Founder and President of EC-Council, a global Leader in Information Security Education, Training, and Certification.

The EC-Council is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT) programs, as well as many other programs that are offered in over 60 countries through a training network of more than 450 training partners globally.

With 27 infosec-facing certifications in all, ECC’s direct interest is in supporting the global need for security-certified professionals in the realm of ethical hacking, among many other domains.

EC-Council has trained over 80,000 individuals and certified more than 30,000 security professionals. Many of these certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).

The United States Department of Defense has included the CEH program in its Directive 8570, making it one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP).

The EC Council organizes the Hacker Halted conferences, featuring some of the best infosec superstars including Bruce Schneier (Internationally acclaimed security guru), Wolfgang Kandek (CTO – Qualys), Jeremiah Grossman (CTO – WhiteHat Security), George Kurtz (Global CTO – McAfee), Dr. Charlie Miller (Accuvant), Moxie Marlinspike, Barnaby Jack and many others.

There were a total of more than 70 speakers this year, and a very comprehensive agenda covering the major hot topics surrounding information security across 4 dedicated tracks.

Infosec Island was proud to be a media partner for this epic event.


Insulin pumps, other medical devices vulnerable to computer hackers

MIAMI — The special pumps used by hundreds of thousands of diabetes patients are vulnerable to computer hackers, who could make them deliver fatal doses of insulin, security researchers say.

Insulin pumps — like many other medical devices and hundreds of other everyday objects from cars to TVs and refrigerators — are vulnerable because they are controlled by computer chips that can be remotely programed via a wireless connection.

“I can issue [the insulin pump] any command I like,” McAfee security researcher Barnaby Jack told The Washington Times. “I can keep [it] dispensing [insulin] until the pump is empty.”

A typical pump reservoir contains about 300 units of insulin. Although exact doses vary among patients depending on body weight and other factors, 10 units would be enough to send someone to the hospital, and 20 units would kill most people.


Ethical Hacking Scholarship Recipient Announced to Equip Tomorrow’s IA Leaders with Skills to Lead Organizations’ Security Posture

The need for IT skilled professionals has never been greater as cyber threats and breaches increase at rapid speeds. In meeting the strong demand for highly educated information security professionals, EC-Council announces the recipient of a full Ethical Hacking Scholarship that will provide superior Information Assurance (IA) education. In addition, EC-Council University will award fifty applicants a Cyber Security Fellowship that will cut tuition costs in half.

October 24, 2011 Albuquerque, NM – Today, EC-Council University (ECU) awards the full-ride, $17,000 Ethical Hacking Scholarship to Mr. Kris Gairola. Gairola, an experienced IT Security Specialist, holds a bachelor’s degree in Information Systems and Operations Management from George Mason University along with several industry certifications, including EC-Council’s Certified Ethical Hacker (C|EH).

“We are extremely excited to award this scholarship to such an impressive applicant, and are looking forward to working with him as he develops his executive level IT and management competencies through the Master of Security Science (MSS) program,” says Dr. Kim Freeland, Dean of ECU, but adds that “It was a difficult decision to make due to the extensive pool of well-qualified applicants who submitted applications to be considered for the scholarship. Congratulations, Kris!”

Completion of the Masters of Security Science will provide Kris with the tools necessary to lead an organization regardless of its size in combating the ever-growing cyber threat. The MSS program will lay the foundation for lifelong learning and teach students, like Kris, how to grow, research, and adapt with the agility required to lead an organization’s complete security posture. MSS faculty are professionals who possess years of experience in the field of IT security and are considered experts by their peers. Faculty instruction, combined with their professional experience in IA, supports students as they work to apply various cyber security and management theories to real-world situations.

In addition to awarding the Ethical Hacking Scholarship, ECU is presenting fifty (50) Cyber Security Fellowships to well-qualified applicants who are looking to advance their careers in the ever-growing industry of information assurance. The Cyber Security Fellowship reduces tuition fees by fifty percent.

With cyber-security attacks on the rise, it is evident that the need for highly-trained IT security professionals will increase. A report released by the Government Accountability Office states that there have been 24 key agencies reporting Federal Cyber Security incidents, which is a 650 percent increase over the last five years. The Help Net Security magazine also reports that the number of critical vulnerabilities has tripled in 2011 and this led to the declaration of 2011 as the “Year of the Security Breach.” The Government Accountability Office suggests that the increase in the number of security incidents reported is due to a number of weaknesses with regard to how security is being implemented. Additional research and follow-up show a lack of improvement, furthering the issue. The lack of adequate training given to authorized personnel assisting in the monitoring of cyber security leaves businesses susceptible to attacks.

EC-Council University operates with the goal of meeting these industry needs by producing skilled IT and management innovators who will be the information assurance leaders of tomorrow. As organizations look for ways to safeguard their networks from cybercriminals, graduates will be there to provide solutions.

The Master’s of Security Science program solidifies a symbiotic blend of executive leadership and tactical information security and infosec leadership skills by educating individuals in industry-leading technologies and skills, executive leadership, psychology, management and ethics. Focusing on topics like “inside the hacker’s mind,” “ethical hacking,” and even “global leadership” provides a unique skill set, arming the graduate with the tools, knowledge, and ability to lead effectively against advanced persistent threats such as individually motivated hacktivists, state-sponsored organizations, and even organized crime exploiting digital technologies.

ABOUT EC-COUNCIL UNIVERSITY:

EC-Council University is a leading provider of information security education and training to professionals in the security and military fields, and post-graduate students. It is the developer of the ‘Master of Security Science,’ a 100 percent online degree program designed to provide students with a solid foundation in information security. The MS information security course is suitable for students with a wide range of previous security experience. The MSS program is offered online, enabling students to access classes from any location in the world and at any time. The University also offers several certifications, including Information Security Professional, IT Analyst, Digital Forensics and Executive Information Assurance, IT Disaster Recovery Certifications. Website: http://www.eccuni.us


CICRA, EC-Council sponsor first-ever Hacking Challenge and Information Security Quiz

CICRA Institute of Education in association with the International Association of Electronic Commerce Consultants (EC-Council), USA is sponsoring the first-ever Hacking Challenge and Information Security Quiz in Sri Lanka.

Each member of the winning team of the Hacking Challenge and the Information Security Quiz will receive a free training voucher to follow the globally recognized, prestigious but expensive Certified Ethical Hacker (C|EH) training programme at the state-of-the-art computer laboratory at the CICRA Institute of Education in Colombo.