EC-Council did not suffer a breach

Report From EC-Council : On May 16th, 2013, EC-Council was notified of an article that stated an alleged hack had taken place on EC-Council Servers. Upon notification, EC-Council immediately investigated the issue. Contrary to the news reported by E Hacking News this week, EC-Council did not suffer a breach, nor was it the victim of a hacking incident.

EC-Council takes these types of incidents very seriously and conducted an extensive investigation as soon as it was notified about the allegation. EC Council’s Information security experts reviewed the information shared through E Hacking News, which is apparently based out of Chennai, India.

EC-Council has determined that the information that was purportedly obtained by the individual by hacking into EC Council’s website was actually obtained due to a human error that allowed “Directory viewing” while a non-production environment was under development. This configuration allows a visitor to view the contents of a web directory much like visiting a web page, however instead of a webpage, the user is able to see links to files in web directories.

This was not a breach and no systems were affected. The files contained in the listed directories were encrypted binary .Resource files; primarily DRM (Digital Rights management) protected documents that EC-Council makes available for download to paying students and organizations globally and some other non confidential files that were already in public circulation. No sensitive data or personal information was compromised.

By nature, these DRM protected documents are fully encrypted and require active accounts with valid credentials to access the contents therein. Files contained in these directories were .Resource files not served by IIS, just listed with read only rights preventing any download or modification of the original files. Directory browsing has been disabled on the one development server in question.

While re-iterating that fact that no hack took place and that no confidential data was compromised, EC-Council wishes to point out that these documents are copyrighted and are the Intellectual property of EC-Council. Copying, sharing or distributing them in any form without the permission of EC-Council is a violation of International Copyright Laws.

The EC-Council Community should always validate where downloads are hosted and ensure that they are always dealing with official files and links from an authorized partner of EC-Council, or EC-Council directly.

For questions or concerns about this or any other security related concerns, please contact legal@eccouncil.org

About these ads

Backtrack 5 r3 Tutorial

Hi Guys,

Soon We are going to post backtrack tutorial (tricks) in our website. We hope it will be useful for everyone who really loves backtrack.  And whatever we post that will be for security purpose, not for hacking or offensive purpose.

And we invite everyone who wants to post any new tricks in backtrack or Android hacking tips. 

Contact us through our contact us form. We will display the author name under every post that you send. You can use your nick names also.. And all your other details should be hidden and safe in our hand. We won’t disclose any details of yours at any time to anyone..

So Be ready to rock with backtrack – The Hunter