CEH site hacked
Comments
-
bryguy Member Posts: 190
ilabs is up... iclass, not yet. www.eccouncil.org looks like it's trying to answer, but perhaps too many people trying...
-
BGraves Member Posts: 339
ilabs is up... iclass, not yet. www.eccouncil.org looks like it's trying to answer, but perhaps too many people trying...
-
varelg Banned Posts: 790
Business as usual, like nothing ever happened. Certifying and licensing penetration testers, secure programmers, training people to trace cyber criminals... L o l !!
-
Master Of Puppets Member Posts: 1,210
Yeah at this point I think I'm going to skip the CEH
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
-
sojourn Member Posts: 61 ■■□□□□□□□□
Came here to post the same thing. Not bothering with the CEH now. Novices.
-
SephStorm Member Posts: 1,731 ■■■■■■■□□□
@Sephstorm, where would Snowden's password be compromised? The way it used to work (I sent in the letter in 2010 to be verified to sit for the test, you just had to email them a picture ID and the letter... it just shows that they are just archiving everything in gmail, instead of deleting that sensitive information. I also found this on their site, and find it to be a bit comical: CEH VS SANS and absolutely untrue as well.
I'm assuming the password that was disclosed was for something used to login on the eccouncil site, the only possibility is the member site, the delta portal, or their new system.
Edit, as far as notification, even if PII is compromised, eccouncil is not a US company, not sure how US law will apply to them.
-
colemic Member Posts: 1,569 ■■■■■■■□□□
I'm assuming the password that was disclosed was for something used to login on the eccouncil site, the only possibility is the member site, the delta portal, or their new system.
Edit, as far as notification, even if PII is compromised, eccouncil is not a US company, not sure how US law will apply to them.
Working on: staying alive and staying employed
-
BGraves Member Posts: 339
Maybe CEH has its own rules on handling these kinds of things... similar to that of fight club I guess?
-
geek4god Member Posts: 187
A little irony from their front page..
Think About the Unthinkable Event.
Are you Skilled to Handle
the Cyber Attack
-
JDMurray Admin Posts: 13,099 Admin
They have 'offices' in NM, presumably with employees, who fall under US Labor laws, so why wouldn't they fall under disclosure laws? Not to mention the ethical obligation to disclose to those affected. re: password, I assumed it was an EC-Council member's login that was compromised, hence the access to the entire gmail account.
-
colemic Member Posts: 1,569 ■■■■■■■□□□
<crickets chirping>
Working on: staying alive and staying employed
-
cyberguypr Mod Posts: 6,928 Mod
Still radio silence. In the meanwhile I leave you with the daily chuckle:
Well what can I say? As a fellow CEH and CHFI and ECSA and LPT and many many more certifications, I can safely say that it is NOT the fault of the CEH certification and the CEH certification is the BEST in the market for 50% theory and 50% practical. It is the most standardised as a certification and it is ALWAYS up to the instructor to be the best he/she can be to deliver the course. The courseware is a guideline. When I deliver the course I go far beyond the material and we delve into Buffer Overflow and Assembler coding, so try and not blame the certification and the instructors around the world! Be logical. This can happen to any company and it has! This is a user error and heads will roll and EC-Council will just improve and overall it will be a good result for all CEH’s and the public in the long run.
Pride is at stake and well Yes there needs to be an honest reply from EC-Council and to be honest, who can accurately say they are 100% secure? That does not exist!
Source
-
colemic Member Posts: 1,569 ■■■■■■■□□□
Drumroll please... EC-Council has a new statement regarding their breach: EC-Council takes the privacy and confidentiality of their customers very seriously. | EC-Council News
ROFL
Working on: staying alive and staying employed
-
colemic Member Posts: 1,569 ■■■■■■■□□□
full text:
On Saturday, February 22nd, 2014, the ICANN-accredited domain registrar of EC-Council was compromised and as a result, EC-Council suffered a DNS Poisoning attack, which resulted in their website being defaced. EC-Council launched a comprehensive investigation and began work to regain control immediately.
As the attack happened over the weekend, EC-Council’s security team had challenges reaching the appropriate domain registrar personnel to address the situation. As a result, the hacker was able to maintain control of the registrar’s system and the EC-Council domain during this time period. The domain registrar in question was unable to secure their servers to a level desired by EC-Council and during this period, the domain registrar was exposed at least 2 more times. As such, EC-Council sustained an outage while moving the entire domain to another provider. Simultaneously, the EC-Council security team instituted additional countermeasures to other EC-Council systems within their direct control and began strengthening other security measures organization-wide.
EC-Council uses a cloud service provider for enterprise email. Once the domain privilege was attained, the hacker then issued a password reset request to the email service provider. This circumvented EC-Council’s best practices of using complex passwords and 2-factor authentication.
EC-Council has informed the service provider of this password reset policy vulnerability and are hopeful that they have already rectified it for the benefit of the IT community in general.
With administrative access to the email service provider, the hacker was able to compromise a small number of email accounts before the EC-Council security team was able to respond to the breach. This resulted in unauthorized access to messages in those specific email boxes for a short duration of time. The potentially compromised accounts represent approximately 2% of their customer base.
As the investigation is ongoing, EC-Council was unable to ascertain if any data was compromised in these accounts. However, as a precautionary measure, they are writing to notify customers that have sent any personally identifiable information to EC-Council via e-mail that there is a possibility that these may have been exposed through email. No credit card data was compromised. As a precaution, EC-Council strongly recommends that their affected customers remain vigilant for any unauthorized use of the information shared with EC-Council and that they alert EC-Council if they find any reason to suspect any.
EC-Council strives to set a very high bar for how they serve their community, and this incident is upsetting. EC-Council has since transferred their domain to another registrar, changed policies on management of personal information, improved existing data retention policies, introduced two-factor authentication for member portals, and improved security procedures and systems. They will continue to do more in the weeks and months to come.
EC-Council has been working closely with law enforcement agencies across 3 continents. EC-Council is doing everything in their power to prevent this from happening again and will leverage the full extent of international law to prosecute the individual responsible.
EC-Council is a vibrant community like no other, and value their customers. Please let them know if you have any questions, comments, or concerns. You can reach them at accountsecurity@eccouncil.org.
Working on: staying alive and staying employed
-
colemic Member Posts: 1,569 ■■■■■■■□□□
Am I missing something? How exactly did EC_Council's mail account get compromised? The way I read it they are blaming the registrar? OK, not the registrar but gmail for having insufficient controls?
Working on: staying alive and staying employed
-
Asif Dasl Member Posts: 2,116 ■■■■■■■■□□
No idea how their gmail got hacked unless they used the same password for both? I dunno.. Gmail has got 2 step authentication
So we are not to use GoDaddy because they were involved in the @N hijacking and we are not to use WebNIC.cc because they were involved in the EC Council hijacking. EC Council went back to good ol' Network Solutions!
Seemingly WebNIC.cc caused some other domain to go offline also - they have a testimonial from someone else that got hit..
"I would like to express my sincere thank you to you and all of your staff.
Regarding the domain incident happened in last month, it was solved with your professional and generous assistance. I will never be able to express how thankful I am for what you and your colleagues did. Your dedication and support was unbelievable!
I have no doubt that WebNIC is the best partner of UDomain and will have a long business relationship.
With thanks again and best wishes to you. "
To Cheung
(CEO)
UDomain Web Hosting Co Ltd
Meant to post this last week also: Inside Eugene’s Gibson (EC-Council, Part II) | r000t's Blag
-
cyberguypr Mod Posts: 6,928 Mod
That statement is the epitome of corporate BS. Not like I was expecting anything better, but come on! Zero due diligence with their vendors and zero concept of due care. Lovely.
I do wonder where they sent Snowden his PII exposure notification
-
JDMurray Admin Posts: 13,099 Admin
Am I missing something? How exactly did EC_Council's mail account get compromised? The way I read it they are blaming the registrar? OK, not the registrar but gmail for having insufficient controls?
And how did the attackers manage to provide the second factor of authentication to Gmail to reset the password, or is providing the 2nd factor not required when resetting a forgotten Gmail password?
-
colemic Member Posts: 1,569 ■■■■■■■□□□
I can't wrap my head around it. There is no way that they are being truthful. A bunch of merde, as the French say.
Working on: staying alive and staying employed
-
f0rgiv3n Member Posts: 598 ■■■■□□□□□□
Are we sure it was a gmail hosted email account? It says "cloud service" but are we sure it was google that hosted it? Either way, I can see how something like this might possibly happen since they owned the DNS account they also controlled the MX records for that domain. Without knowing the exact provider or more details on how it was set up it is definitely fuzzy but by having access to their MX records that might have had something to do with it.
-
JDMurray Admin Posts: 13,099 Admin
aspen.eccouncil.org now has 2-factor authentication by adding a text-back system that sends a numeric code to the account owner's cell phone after the correct account name and password are entered. A slight decrease in convenience for a modicum of improvement in security.
-
Lostpacket Member Posts: 25 ■■■□□□□□□□
aspen.eccouncil.org now has 2-factor authentication by adding a text-back system that sends a numeric code to the account owner's cell phone after the correct account name and password are entered. A slight decrease in convenience for a modicum of improvement in security.
Better late than never I guess. Google has had that feature available since 2011 I believe.
I've had it enabled on both my work and personal Gmail accounts for over a year. The Google Authenticator smartphone app works slick.
-
phoeneous Member Posts: 2,333 ■■■■■■■□□□
Silly Libyans, don't they know that cats are the only acceptable hax logo?
-
JDMurray Admin Posts: 13,099 Admin
Zeus is fine now and none of the other eccouncil.org sites seem to have been affected.
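-
The thread's point that whoever controls a domain's DNS also controls its MX records suggests a simple defensive check: pin the expected NS and MX sets and alert on any drift. The following is an added example, not code from any poster or from EC-Council; the domain, host names and the "domain TYPE [preference] target" input format are constructed assumptions, and in practice the observations would come from a resolver query.

```python
# Added example (all names constructed): compare observed NS/MX with a baseline.
BASELINE = {
    "example.org": {
        "NS": {"ns1.dns-host.example.", "ns2.dns-host.example."},
        "MX": {"mx1.mail-host.example.", "mx2.mail-host.example."},
    }
}
# NS drift means the whole zone may be answered by someone else;
# MX drift means inbound mail (including reset links) may be rerouted.
SEVERITY = {"NS": "critical", "MX": "high"}
# Constructed observations in "domain TYPE [preference] target" form.
OBSERVED = [
    "example.org NS ns1.dns-host.example.",
    "example.org NS NS2.dns-host.example",
    "example.org MX 10 mx1.mail-host.example.",
    "example.org MX 5 mail.unknown-host.example.",
]

def normalize(name):
    """Lower-case and add the trailing dot so equal names compare equal."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def parse_observations(lines):
    """Collect NS and MX targets per domain; other record types are ignored."""
    seen = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[1].upper() not in SEVERITY:
            continue
        domain = normalize(parts[0]).rstrip(".")
        # The target host is the last field for both NS and MX records.
        seen.setdefault(domain, {}).setdefault(parts[1].upper(), set()).add(
            normalize(parts[-1]))
    return seen

def drift(baseline, observed):
    """Return one finding per record type whose target set differs."""
    findings = []
    for domain, records in baseline.items():
        for rtype, expected in records.items():
            expected = {normalize(v) for v in expected}
            got = observed.get(domain, {}).get(rtype, set())
            if got != expected:
                findings.append({"domain": domain, "type": rtype,
                                 "severity": SEVERITY[rtype],
                                 "unexpected": sorted(got - expected),
                                 "missing": sorted(expected - got)})
    return findings
```

Run on a schedule from a network outside the monitored domain, and send alerts to a mailbox that does not depend on that domain's MX records.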