PaulDotCom mailing list archives
Re: Ec-council (Certified Ethical Hacker) gets Hacked
From: yersinia <yersinia.spiros () gmail com>
Date: Tue, 21 May 2013 10:28:01 +0200
On Mon, May 20, 2013 at 5:36 PM, Ryan Dewhurst <ryandewhurst () gmail com> wrote:
Anyone a member of their group on linkedin? Seems they posted their official reply there, but I'm not a member and they're unlikely to aprove my membership request.
Hi to all I'm part of the EC-COUNCIL group on linkedin. There were two posts on this topic. The most recent (11 hours ago) is the following " **Updated** Message from EC-Council On May 16th, 2013, EC-Council was notified of an article that stated an alleged hack had taken place on EC-Council Servers. Upon notification, EC-Council immediately investigated the issue. Contrary to the news reported by E Hacking News this week, EC-Council did not suffer a breach, nor was it the victim of a hacking incident. EC-Council takes these types of incidents very seriously and conducted an extensive investigation as soon as it was notified about the allegation. EC Council's Information security experts reviewed the information shared through E Hacking News, which is apparently based out of Chennai, India. EC-Council has determined that the information that was purportedly obtained by the individual by hacking into EC Council's website was actually obtained due to a human error that allowed "Directory viewing” while a non-production environment was under development. This configuration allows a visitor to view the contents of a web directory much like visiting a web page, however instead of a webpage, the user is able to see links to files in web directories. This was not a breach and no systems were affected. The files contained in the listed directories were encrypted binary .Resource files; primarily DRM (Digital Rights management) protected documents that EC-Council makes available for download to paying students and organizations globally and some other non confidential files that were already in public circulation. No sensitive data or personal information was compromised. By nature, these DRM protected documents are fully encrypted and require active accounts with valid credentials to access the contents therein. Files contained in these directories were .Resource files not served by IIS, just listed with read only rights preventing any download or modification of the original files. Directory browsing has been disabled on the one development server in question. While re-iterating that fact that no hack took place and that no confidential data was compromised, EC-Council wishes to point out that these documents are copyrighted and are the Intellectual property of EC-Council. Copying, sharing or distributing them in any form without the permission of EC-Council is a violation of International Copyright Laws. The EC-Council Community should always validate where downloads are hosted and ensure that they are always dealing with official files and links from an authorized partner of EC-Council, or EC-Council directly. For questions or concerns about this or any other security related concerns, please contact legal () eccouncil org UPDATED: EC -Council Academy is an Accredited Training Center of EC-Council. They are not a part of the ownership of EC-Council and the incidents are completely unrelated. The ECA compromise happened in 2011 and is not to be confused with contents mentioned herein." _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Ec-council (Certified Ethical Hacker) gets Hacked Javier Villanueva (May 20)
- Re: Ec-council (Certified Ethical Hacker) gets Hacked David Hoelzer (May 20)
- Re: Ec-council (Certified Ethical Hacker) gets Hacked Ryan Dewhurst (May 20)
- Re: Ec-council (Certified Ethical Hacker) gets Hacked iamnowonmai (May 20)
- Re: Ec-council (Certified Ethical Hacker) gets Hacked Robin Wood (May 20)
- Re: Ec-council (Certified Ethical Hacker) gets Hacked Charles Watathi (May 21)
- Re: Ec-council (Certified Ethical Hacker) gets Hacked allison nixon (May 21)
- Re: Ec-council (Certified Ethical Hacker) gets Hacked Patrick Laverty (May 21)
- Re: Ec-council (Certified Ethical Hacker) gets Hacked Carlos Perez (May 21)
- Re: Ec-council (Certified Ethical Hacker) gets Hacked Ryan Dewhurst (May 20)
- Re: Ec-council (Certified Ethical Hacker) gets Hacked yersinia (May 21)
- Re: Ec-council (Certified Ethical Hacker) gets Hacked David Hoelzer (May 20)