EC|Council Portal Security Issues
Comments
-
swild Member Posts: 828EC-Council lost credibility for me when I was studying for the CEH and realized how much of a joke it was. Then they came out with their Master's program and I knew they were not worth another second of my time. With this reply from their CEO, instead of being neutrally opposed to this organization, I am now actively against them and will say so at every opportunity.
They are obviously doing this for profits only and do not care one tiny iota about advancing my chosen profession. I'll give my money to the organizations that seem to care: (ISC)2, ISACA, SANS, and even CompTIA. -
Quantumstate Member Posts: 192 ■■■■□□□□□□Frankly swild, you've criticized CEH so much, I think you'd failed the exam. You constantly complain about the cost, deride the quality, and so on ad infinitum, but to me it's clear what happened to you.
That's what your problem really is. -
ephemeric Member Posts: 13 ■□□□□□□□□□EC-Council is useless, don't waste your time or money on their stuff. Any copy of Hacking Exposed covers much more than their CEH and as for CHFI, rather do the SANS stuff if you can afford it. I only did their certs because they can be subject credits.
-
lsud00d Member Posts: 1,571Storing passwords in plain text is UNFORGIVABLE in today's world, ESPECIALLY from an organization that is supposed to certify people in the security realm.
I recently realized an online vendor that I obtain study materials from stores passwords in plain text when I went to "reset" my password, when in reality it was a "retrieval" because they sent me the ACTUAL PASSWORD. It blows my mind.
SALTED HASHBROWNS FFS -
swild Member Posts: 828Quantumstate wrote: »Frankly swild, you've criticized CEH so much, I think you'd failed the exam. You constantly complain about the cost, deride the quality, and so on ad infinitum, but to me it's clear what happened to you.
That's what your problem really is.
You are entitled to whatever opinion you care to have. I have to say that after reading your reply, it is possible that I have been beating a dead horse, but most of the posts on this thread are in agreement with my opinion. If you are aware of any awareness campaigns, industry newsletters, or any other way that could show that EC-Council is helping to contribute to the community, please let us know. -
Chivalry1 Member Posts: 569They probably need to harden their, "I forgot my password" feature too. Implementing CAPTCHAs or progressive time-delayed responses is a cheap way to do that.
Maybe they should employ some of there "EC-Certified License Pen Testers" to Pen Test there own website. Or utilize some of there "EC-Certified Encryption Specialist" to harden there web database. Because If not they will be using a "EC-Certified Incident Handler" to figure out what happen.
What a joke EC-Council, I think CompTia has a better corporate business strategy than you.
*And EC-Council wants me to submit ECE credits to maintain my C|EH V7 certification....yeah right!!!! Does finding vulnerabilities and exploits on your company website count for anything!!!***"The recipe for perpetual ignorance is: be satisfied with your opinions and
content with your knowledge. " Elbert Hubbard (1856 - 1915) -
SephStorm Member Posts: 1,731 ■■■■■■■□□□They are currently doing a competition, and the program rules state that if you are in the top 100, you are forbidden to comment negativly on their company/products, ect...
nough said. -
N3JOE Registered Users Posts: 1 ■□□□□□□□□□Look at their portal platform, built on ancient "Web Wiz" forums v7.8, using classic ASP. Yes, the site actually does have a "guestbook", labels showing how quickly the page was generated, and loads of other 1990's style features. Check out Web Wiz forums 7.8 at cvedetails.com
It should be noted that the site clearly states that they will remove any posting of complaints or any negativity whatsoever toward EC council.
This culture of censorship and ancient technology is not typical of any real-world hacker. -
the4tress Member Posts: 24 ■□□□□□□□□□So here is one more really suspicious incident on their site.
For anybody that has a DoD CAC, put your CAC in and do a Google search for "ec council ece". This will return the EC|Council portal site as the first result. If you click on that link it will prompt you for your CAC PIN. This only happens when you are going to it from Google. If you just go straight to the protal site (https://portal.eccouncil.org/delta/) then it won't prompt you for your CAC PIN.
Has anybody else noticed this? I know its not just me as others in my office tried it too.
Why the hell is EC|Council wanting our CAC credentials? -
JDMurray Admin Posts: 13,092 AdminWhy the hell is EC|Council wanting our CAC credentials?