Just kidding. I’m still doing that. :)
Have a great day.
Just kidding. I’m still doing that. :)
Have a great day.
No it’s not broken. The theme. Yes, the WordPress theme. I chose this to come back to old school. Which I miss.
Oh and by the way, thanks for visiting. This blog hasn’t been really updated in a while. I’m just coming back to update it with the latest WP version (as a janitor as usual).
Have a great day!
Nowadays, hackers all over the world have adopted the battle cry “let the hacking begin”. This was popularized by Actor Jesse Eisenberg in his portrayal of Facebook Founder and CEO Mark Zuckerberg in the hit movie The Social Network. This mantra has hence given Systems Administrators and Webmaster sleepless nights as they try to parry wannabe and serious hackers from invading and infesting their websites and networks. It also encourages hackers to hack away fearlessly and feverishly.
To deter and/or weather these hacking onslaughts, it is best for one to understand how a hacker thinks and acts. Information Security is not limited administrators alone; it also encompasses every Tom, Dick and Harry who even in his/her fleeting moment just happens to be “just passing by”. The security ecosystem is an end-to-end process involving experts and consultants all the way down to the average employee and inquiring customer.
Typically, it takes Security Expert years or decades of trial and error before he can have the titled Consultant, Adviser and/or Certified attached to his/her name. But thanks to the initiatives International Council of Electronic Commerce Consultants (EC-Council), an individual with a good background as a Systems Engineer or Network Analyst can level-up to Certified Ethical Hacker in a matter of 120 hours through the Certified Ethical Hacking (CEH) course. It is now on its 7th edition since its inception around a decade ago. As per the EC-Council web site, “the United States Department of Defense has included the CEH program into its Directive 8570, making it as one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP)”.
CEHv7 (https://www.eccouncil.org/certification/certified_ethical_hacker.aspx) was launched in the Philippines through an inaugural class of 12 students last March 14, 2011 by MISNet Education Inc. The 5-day course also included EC-Council “ambassadors” who came from India, Pakistan and Dubai to participate and evaluate the course. The instructor was a veteran Philippine IT Security Expert who has been teaching the course since CEHv2 back in 2002. He is one of three Filipino certified CEH trainers.
Seven as the course has been nicknamed has 19 modules, namely Introduction to Ethical Hacking; Foot printing and Reconnaissance; Scanning Networks; Enumeration; System Hacking; Trojans and Backdoors; Viruses and Worms; Sniffers; Social Engineering; Denial of Service; Session Hijacking; Hacking Web Servers; Hacking Web Applications; SQL Injection; Hacking Wireless Networks; Evading IDS, Firewalls and Honeypots; Buffer Overflow; Cryptography; and Penetration Testing. Course was also updated to encompass Windows Server 8 R2 with Hyper V.
Upon completing the course, the attendee is encouraged to take the CEHv7 Exam (Ethical Hacking and Countermeasures v7) which has 150 questions and is good for 4 hours. The passing score is 70 percent. Although it is a difficult exam, the CEHv7 training course prepares the attendee thoroughly with a battery of classroom lectures, field work and laboratory hands-on. One of the attendees even took the exam prior to the course’s end, and passed it with a score of 76 percent.
Although the course is typically attended by Systems and Network people, it is also recommended for programmers who develop applications that are exposed externally. These programs are often exposed to attacks like SQL Injection, Port Scanning and Worms to name a few. A small opening or loophole is precisely what a hacker needs to bring down any application or system, whether is protected by state of the art devices or software.
The course is also a good springboard for careers in Penetration Testing, Security Analyst and Forensic Investigator. It is also well-recommended for one involved in security, from business owners to IT executives. Even students or someone with a good IT knowledge can attend the course.
The hands-on lab exercises include Google Hacking; War-Driving, WEP Cracking, SQL Injection; Web Vulnerability Scanning, OS Fingerprinting and Sniffing. They were executed using off-the-shelf hardware and software running under the Windows and Linux platforms. As such, attendees were required to fill-up a Non-Disclosure Agreement (NDA) with some “ethical hacking” manifesto prior to the start of the course. Talk about top secret.
CEHv7 course participants were often quizzed by the instructor on past lessons and reminded to put time for lab work to prepare them for the exam. He would also give examples or share insights specific to programmers, administrators, and IT specialists. Hacking gadgets and paraphernalia were also shown to the class for better appreciation.
MISNet Education on the other hand made sure the training venue was very conducive to learning. They paraded state-of-the-art equipment and training methodologies. Attendees were also provided a sumptuous buffer lunch and heavy AM and PM snacks. An after-training social was held on the last day together with simple awarding ceremony where the attendees, EC-Council Ambassadors and Technical Press were recognized by MISNet Education headed by its President, Arnold Cruz.
EC-Council also offers a Master of Security Science who those interested to complete the Security track. Some of their courses include Cyber Marketing; Wireless Network Architect; Network Security Design; E-Business Design; Cyber Law; Disaster Recovery; E-Commerce Architect; E-business Security; Customer Relationship Management; Supply Chain Management; Enterprise Resource Planning; Project Management; and Knowledge Management.
Certifications include Computer Hacking Forensic Investigator (C|HFI); Certified E-Business Associate (C|EA); Certified E-Business Professional (C|EP); EC-Council Certified Security Analyst (E|CSA); Licensed Penetration Tester (L|PT); Certified E-Business Consultant (C|EC); and Certified Technical Consultant (E++|TC). Visit the EC-Council site at http://www.eccouncil.org to learn more.
If you wish to learn more about the CEHv7 course or other trainings from EC-Council and Microsoft, kindly contact MISNet Education at +63(2) 846-8300, and look for their Sales Team (Janice Layug, Tina Mendoza or Vzel Bartolome). You may also visit www.misnet-education.com/learning to know more about their company. You may also like them on Facebook (www.facebook.com/misnet.education) and follow them on Twitter (www.twitter.com/MISNetEducation).
As the CEHv7 marketing materials would say “Defend your Network against Hackers. Master the Hacking Technologies. Become a Certified Ethical Hacker.”
When: 8:00 AM – 5:00 PM – January 30, 2010, Saturday
Where: Hotel Rembrandt – 26 Tomas Morato Extension Quezon City, Philippines
Google Map Location
In partnership with Microsoft Philippines, PHP User Group Philippines
presents PHP Developers Summit 2010. We are inviting you to come and join us in this gathering of the country’s best tech-talents, professionals and web developers promoting the use of PHP and open source solutions in the enterprise and schools. Free flowing coffee with lots of freebies and raffle prizes! So what are you waiting for?
Registration starts at 8:00 AM. See you all there! ^_~
Limited Special Offer
If you register early and pay within the year 2009, you’ll get a
ticket for only Php 1,000.00 and we’ll give you One (1) FREE Microsoft
limited edition thumb drive.
Registration and Ticket Payment Instructions
Online registration website is currently being tested right now. In
the mean time, you could pre-register by sending your name, position,
company and contact details to chean [ at ] phpugph [ dot ] com and by settling your
ticket payment through bank deposit:
Bank Name: Banco de Oro (BDO)
Account Name: PHP User Group Philippines Inc.
Savings Account No. 290226988
Branch: San Juan Branch
To all who would pay for the event tickets, kindly send me a scanned
copy of the deposit slip for payment confirmation.
Thank you very much.
Cherrie Ann B. Domingo
PHP User Group Philippines Inc.
Email: chean [ at ] phpugph [ dot ] com
Phone: (02) 975.6976
I’ve done an audit on the files of phpugph.com’s SMF board and found that a certain user who’s only identity is firstname.lastname@example.org using the IP 184.108.40.206 appended spam links to the Settings.php of SMF.
I’m no security expert, but I think what he did was he uploaded an avatar with a PHP code inside it, found a server/script exploit and ran it. I opened up the avatar (after looking for it for hours) and found this code (see below screenshot). Then he launched the attack from there appending malicious links on a file that is being included everytime SMF draws a page.
A quick Diff on SMF’s base files and our SMF files revealed that a new readme.php was created. And it contained the following:
Decoding that garbled texts reveals that readme.php was run on the browser and that was the main cause of appending links on the Settings.php.
I am still baffled by the fact that some people would do such things. Disrupt service for profit? Well, as for krisbarteo, yes you’ve succeeded in doing that. Then what? Happy now? If you only have used that smarts and skills on the good stuff, you’d probably be rich by now.
To all PHPugers, we hope that this thing doesn’t happen again even if we all know that the Internet isn’t safe from these crackers. It’s all good. For now.