On Mon, May 20, 2013 at 5:36 PM, Ryan Dewhurst <[email protected]> wrote: > Anyone a member of their group on linkedin? Seems they posted their official > reply there, but I'm not a member and they're unlikely to aprove my > membership request. > Hi to all
I'm part of the EC-COUNCIL group on linkedin. There were two posts on this topic. The most recent (11 hours ago) is the following " **Updated** Message from EC-Council On May 16th, 2013, EC-Council was notified of an article that stated an alleged hack had taken place on EC-Council Servers. Upon notification, EC-Council immediately investigated the issue. Contrary to the news reported by E Hacking News this week, EC-Council did not suffer a breach, nor was it the victim of a hacking incident. EC-Council takes these types of incidents very seriously and conducted an extensive investigation as soon as it was notified about the allegation. EC Council's Information security experts reviewed the information shared through E Hacking News, which is apparently based out of Chennai, India. EC-Council has determined that the information that was purportedly obtained by the individual by hacking into EC Council's website was actually obtained due to a human error that allowed "Directory viewing” while a non-production environment was under development. This configuration allows a visitor to view the contents of a web directory much like visiting a web page, however instead of a webpage, the user is able to see links to files in web directories. This was not a breach and no systems were affected. The files contained in the listed directories were encrypted binary .Resource files; primarily DRM (Digital Rights management) protected documents that EC-Council makes available for download to paying students and organizations globally and some other non confidential files that were already in public circulation. No sensitive data or personal information was compromised. By nature, these DRM protected documents are fully encrypted and require active accounts with valid credentials to access the contents therein. Files contained in these directories were .Resource files not served by IIS, just listed with read only rights preventing any download or modification of the original files. Directory browsing has been disabled on the one development server in question. While re-iterating that fact that no hack took place and that no confidential data was compromised, EC-Council wishes to point out that these documents are copyrighted and are the Intellectual property of EC-Council. Copying, sharing or distributing them in any form without the permission of EC-Council is a violation of International Copyright Laws. The EC-Council Community should always validate where downloads are hosted and ensure that they are always dealing with official files and links from an authorized partner of EC-Council, or EC-Council directly. For questions or concerns about this or any other security related concerns, please contact [email protected] UPDATED: EC -Council Academy is an Accredited Training Center of EC-Council. They are not a part of the ownership of EC-Council and the incidents are completely unrelated. The ECA compromise happened in 2011 and is not to be confused with contents mentioned herein." _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
