PaulDotCom mailing list archives

Re: Ec-council (Certified Ethical Hacker) gets Hacked


From: yersinia <yersinia.spiros () gmail com>
Date: Tue, 21 May 2013 10:28:01 +0200

On Mon, May 20, 2013 at 5:36 PM, Ryan Dewhurst <ryandewhurst () gmail com> wrote:
Anyone a member of their group on linkedin? Seems they posted their official
reply there, but I'm not a member and they're unlikely to approve my
membership request.

Hi to all

I'm part of the EC-COUNCIL group on linkedin. There were two posts on
this topic. The most recent (11 hours ago) is the following

"

**Updated** Message from EC-Council

On May 16th, 2013, EC-Council was notified of an article that stated
an alleged hack had taken place on EC-Council Servers. Upon
notification, EC-Council immediately investigated the issue. Contrary
to the news reported by E Hacking News this week, EC-Council did not
suffer a breach, nor was it the victim of a hacking incident.

EC-Council takes these types of incidents very seriously and conducted
an extensive investigation as soon as it was notified about the
allegation. EC Council's Information security experts reviewed the
information shared through E Hacking News, which is apparently based
out of Chennai, India.

EC-Council has determined that the information that was purportedly
obtained by the individual by hacking into EC Council's website was
actually obtained due to a human error that allowed "Directory
viewing" while a non-production environment was under development.
This configuration allows a visitor to view the contents of a web
directory much like visiting a web page, however instead of a webpage,
the user is able to see links to files in web directories.

This was not a breach and no systems were affected. The files
contained in the listed directories were encrypted binary .Resource
files; primarily DRM (Digital Rights management) protected documents
that EC-Council makes available for download to paying students and
organizations globally and some other non-confidential files that were
already in public circulation. No sensitive data or personal
information was compromised.

By nature, these DRM protected documents are fully encrypted and
require active accounts with valid credentials to access the contents
therein. Files contained in these directories were .Resource files not
served by IIS, just listed with read only rights preventing any
download or modification of the original files. Directory browsing has
been disabled on the one development server in question.

While re-iterating the fact that no hack took place and that no
confidential data was compromised, EC-Council wishes to point out that
these documents are copyrighted and are the Intellectual property of
EC-Council. Copying, sharing or distributing them in any form without
the permission of EC-Council is a violation of International Copyright
Laws.

The EC-Council Community should always validate where downloads are
hosted and ensure that they are always dealing with official files and
links from an authorized partner of EC-Council, or EC-Council
directly.

For questions or concerns about this or any other security related
concerns, please contact legal () eccouncil org

UPDATED:

EC-Council Academy is an Accredited Training Center of EC-Council.
They are not a part of the ownership of EC-Council and the incidents
are completely unrelated. The ECA compromise happened in 2011 and is
not to be confused with contents mentioned herein."
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
