EC-Council – CEH – Unethical Behavior

The EC-Council, or ‘The International Council of E-Commerce Consultants’ as they like to call themselves, offers a range of different services, mostly in the field of Information Security training and certifications. One of their certifications, the Certified Ethical Hacker (CEH), claims to aspire to training ‘ethical’ hackers.

“CEHv7 provides a comprehensive ethical hacking and network security-training program to meet the standards of highly skilled security professionals.”

What I have found is that the way the EC-Council promote their CEH is less than ethical, and in fact downright unethical.

A comment left on my blog quite a while ago (2010/04/20 at 6:18 am) looked fairly authentic; however, when investigating a little further it was clear to me that the comment was in fact SPAM.

“smith said…
Hey folks, Thanks for sharing your views,article includes a very good information about the ethical hacking, the most interesting job in the field of computer security is being an ethical hacker,so i striven into the field of CEH, for more information on CEH check this link http://www.eccouncil.org/certification/certified_ethical_hacker.aspx”

read more…

Posted on 27 November, 2011 by ethicalhack3r

32 Comments

WPScan 1.1 released

I am pleased to announce, after 5 months of work, that WPScan version 1.1 has been released!

With 780 more lines of code, the most notable changes are:

Detection for 750 more plugins.
Detection for 107 new plugin vulnerabilities.
Detection for 447 possible timthumb file locations.
Advanced version fingerprinting implemented.
Full Path Disclosure (FPD) checks.
Auto updates.
Progress indicators.
Improved custom 404 checking.
Improved plugin detection.
Improved error_log checking.
Lots of bugs fixed.
Lots of small tweaks.

A full list of changes can be found here:
http://code.google.com/p/wpscan/source/browse/trunk/CHANGELOG

read more…

Posted on 25 November, 2011 by ethicalhack3r

8 Comments

WordPress ‘In the Wild’ and WPScan Update

As part of my ongoing interest in WordPress security, I wanted to find out for myself what the state of security was like on installations in the wild.

A list of servers running WordPress was acquired from Shodan by searching for a particular HTTP response header and its value. The list contained 10,000 entries; I don’t know for sure, but I assume the list contained servers from around the world and was fairly random.

WPScan, an Open Source WordPress security scanner I have been working on, was used to passively scan 100 of those WordPress installations. This was done partly to test the scanner for any defects and partly to gather data about the security of WordPress installations in the wild.

read more…

Posted on 23 November, 2011 by ethicalhack3r

7 Comments