Options

EC|Council Portal Security Issues

2»

Comments

  • Options
    swildswild Member Posts: 828
    EC-Council lost credibility for me when I was studying for the CEH and realized how much of a joke it was. Then they came out with their Master's program and I knew they were not worth another second of my time. With this reply from their CEO, instead of being neutrally opposed to this organization, I am now actively against them and will say so at every opportunity.

    They are obviously doing this for profits only and do not care one tiny iota about advancing my chosen profession. I'll give my money to the organizations that seem to care: (ISC)2, ISACA, SANS, and even CompTIA.
    · Share on FacebookShare on Twitter
  • Options
    QuantumstateQuantumstate Member Posts: 192 ■■■■□□□□□□
    Frankly swild, you've criticized CEH so much, I think you'd failed the exam. You constantly complain about the cost, deride the quality, and so on ad infinitum, but to me it's clear what happened to you.

    That's what your problem really is.
    · Share on FacebookShare on Twitter
  • Options
    ephemericephemeric Member Posts: 13 ■□□□□□□□□□
    EC-Council is useless, don't waste your time or money on their stuff. Any copy of Hacking Exposed covers much more than their CEH and as for CHFI, rather do the SANS stuff if you can afford it. I only did their certs because they can be subject credits.
    · Share on FacebookShare on Twitter
  • Options
    lsud00dlsud00d Member Posts: 1,571
    Storing passwords in plain text is UNFORGIVABLE in today's world, ESPECIALLY from an organization that is supposed to certify people in the security realm.

    I recently realized an online vendor that I obtain study materials from stores passwords in plain text when I went to "reset" my password, when in reality it was a "retrieval" because they sent me the ACTUAL PASSWORD. It blows my mind.

    SALTED HASHBROWNS FFS
    · Share on FacebookShare on Twitter
  • Options
    swildswild Member Posts: 828
    Quantumstate wrote: »
    Frankly swild, you've criticized CEH so much, I think you'd failed the exam. You constantly complain about the cost, deride the quality, and so on ad infinitum, but to me it's clear what happened to you.

    That's what your problem really is.

    You are entitled to whatever opinion you care to have. I have to say that after reading your reply, it is possible that I have been beating a dead horse, but most of the posts on this thread are in agreement with my opinion. If you are aware of any awareness campaigns, industry newsletters, or any other way that could show that EC-Council is helping to contribute to the community, please let us know.
    · Share on FacebookShare on Twitter
  • Options
    Chivalry1Chivalry1 Member Posts: 569
    JDMurray wrote: »
    They probably need to harden their, "I forgot my password" feature too. Implementing CAPTCHAs or progressive time-delayed responses is a cheap way to do that.

    Maybe they should employ some of there "EC-Certified License Pen Testers" to Pen Test there own website. Or utilize some of there "EC-Certified Encryption Specialist" to harden there web database. Because If not they will be using a "EC-Certified Incident Handler" to figure out what happen.

    What a joke EC-Council, I think CompTia has a better corporate business strategy than you.

    *And EC-Council wants me to submit ECE credits to maintain my C|EH V7 certification....yeah right!!!! Does finding vulnerabilities and exploits on your company website count for anything!!!*** :)
    "The recipe for perpetual ignorance is: be satisfied with your opinions and
    content with your knowledge. " Elbert Hubbard (1856 - 1915)
    · Share on FacebookShare on Twitter
  • Options
    SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
    They are currently doing a competition, and the program rules state that if you are in the top 100, you are forbidden to comment negativly on their company/products, ect...

    nough said.
    http://www.ethicalhacker.net/forums/index.php - sectestanalysis.blogspot.com
    · Share on FacebookShare on Twitter
  • Options
    N3JOEN3JOE Registered Users Posts: 1 ■□□□□□□□□□
    Look at their portal platform, built on ancient "Web Wiz" forums v7.8, using classic ASP. Yes, the site actually does have a "guestbook", labels showing how quickly the page was generated, and loads of other 1990's style features. Check out Web Wiz forums 7.8 at cvedetails.com

    It should be noted that the site clearly states that they will remove any posting of complaints or any negativity whatsoever toward EC council.

    This culture of censorship and ancient technology is not typical of any real-world hacker.
    · Share on FacebookShare on Twitter
  • Options
    the4tressthe4tress Member Posts: 24 ■□□□□□□□□□
    So here is one more really suspicious incident on their site.

    For anybody that has a DoD CAC, put your CAC in and do a Google search for "ec council ece". This will return the EC|Council portal site as the first result. If you click on that link it will prompt you for your CAC PIN. This only happens when you are going to it from Google. If you just go straight to the protal site (https://portal.eccouncil.org/delta/) then it won't prompt you for your CAC PIN.

    Has anybody else noticed this? I know its not just me as others in my office tried it too.

    Why the hell is EC|Council wanting our CAC credentials?
    · Share on FacebookShare on Twitter
  • Options
    JDMurrayJDMurray Admin Posts: 13,034 Admin
    the4tress wrote: »
    Why the hell is EC|Council wanting our CAC credentials?
    I have always wondered how a civilian company based in Pakistan can do such confidential work with the US DoD.

    Forum Admin at www.techexams.net
    --
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    · Share on FacebookShare on Twitter
Sign In or Register to comment.