To deter and/or weather these hacking onslaughts, it is best for one to understand how a hacker thinks and acts.  Information Security is not limited administrators alone; it also encompasses every Tom, Dick and Harry who even in his/her fleeting moment just happens to be “just passing by”.  The security ecosystem is an end-to-end process involving experts and consultants all the way down to the average employee and inquiring customer.

Typically, it takes Security Expert years or decades of trial and error before he can have the titled Consultant, Adviser and/or Certified attached to his/her name.  But thanks to the initiatives International Council of Electronic Commerce Consultants (EC-Council), an individual with a good background as a Systems Engineer or Network Analyst can level-up to Certified Ethical Hacker in a matter of 120 hours through the Certified Ethical Hacking (CEH) course.  It is now on its 7th edition since its inception around a decade ago.  As per the EC-Council web site, “the United States Department of Defense has included the CEH program into its Directive 8570, making it as one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP)”.

CEHv7 (https://www.eccouncil.org/certification/certified_ethical_hacker.aspx) was launched in the Philippines through an inaugural class of 12 students last March 14, 2011 by MISNet Education Inc.  The 5-day course also included EC-Council “ambassadors” who came from India, Pakistan and Dubai to participate and evaluate the course.  The instructor was a veteran Philippine IT Security Expert who has been teaching the course since CEHv2 back in 2002.  He is one of three Filipino certified CEH trainers.

Seven as the course has been nicknamed has 19 modules, namely Introduction to Ethical Hacking; Foot printing and Reconnaissance; Scanning Networks; Enumeration; System Hacking; Trojans and Backdoors; Viruses and Worms; Sniffers; Social Engineering; Denial of Service; Session Hijacking; Hacking Web Servers; Hacking Web Applications; SQL Injection; Hacking Wireless Networks; Evading IDS, Firewalls and Honeypots; Buffer Overflow; Cryptography; and Penetration Testing.  Course was also updated to encompass Windows Server 8 R2 with Hyper V.

Upon completing the course, the attendee is encouraged to take the CEHv7 Exam (Ethical Hacking and Countermeasures v7) which has 150 questions and is good for 4 hours.  The passing score is 70 percent.  Although it is a difficult exam, the CEHv7 training course prepares the attendee thoroughly with a battery of classroom lectures, field work and laboratory hands-on.  One of the attendees even took the exam prior to the course’s end, and passed it with a score of 76 percent.

Although the course is typically attended by Systems and Network people, it is also recommended for programmers who develop applications that are exposed externally.  These programs are often exposed to attacks like SQL Injection, Port Scanning and Worms to name a few.  A small opening or loophole is precisely what a hacker needs to bring down any application or system, whether is protected by state of the art devices or software.

The course is also a good springboard for careers in Penetration Testing, Security Analyst and Forensic Investigator.  It is also well-recommended for one involved in security, from business owners to IT executives.  Even students or someone with a good IT knowledge can attend the course.

The hands-on lab exercises include Google Hacking; War-Driving, WEP Cracking, SQL Injection; Web Vulnerability Scanning, OS Fingerprinting and Sniffing.  They were executed using off-the-shelf hardware and software running under the Windows and Linux platforms.  As such, attendees were required to fill-up a Non-Disclosure Agreement (NDA) with some “ethical hacking” manifesto prior to the start of the course.  Talk about top secret.

CEHv7 course participants were often quizzed by the instructor on past lessons and reminded to put time for lab work to prepare them for the exam.  He would also give examples or share insights specific to programmers, administrators, and IT specialists.  Hacking gadgets and paraphernalia were also shown to the class for better appreciation.

MISNet Education on the other hand made sure the training venue was very conducive to learning.  They paraded state-of-the-art equipment and training methodologies.  Attendees were also provided a sumptuous buffer lunch and heavy AM and PM snacks.  An after-training social was held on the last day together with simple awarding ceremony where the attendees, EC-Council Ambassadors and Technical Press were recognized by MISNet Education headed by its President, Arnold Cruz.

EC-Council also offers a Master of Security Science who those interested to complete the Security track.  Some of their courses include Cyber Marketing; Wireless Network Architect; Network Security Design; E-Business Design; Cyber Law; Disaster Recovery; E-Commerce Architect; E-business Security; Customer Relationship Management; Supply Chain Management; Enterprise Resource Planning; Project Management; and Knowledge Management.

Certifications include Computer Hacking Forensic Investigator (C|HFI); Certified E-Business Associate (C|EA); Certified E-Business Professional (C|EP); EC-Council Certified Security Analyst (E|CSA); Licensed Penetration Tester (L|PT); Certified E-Business Consultant (C|EC); and Certified Technical Consultant (E++|TC).  Visit the EC-Council site at http://www.eccouncil.org to learn more.

If you wish to learn more about the CEHv7 course or other trainings from EC-Council and Microsoft, kindly contact MISNet Education at +63(2) 846-8300, and look for their Sales Team (Janice Layug, Tina Mendoza or Vzel Bartolome).  You may also visit www.misnet-education.com/learning to know more about their company.  You may also like them on Facebook (www.facebook.com/misnet.education) and follow them on Twitter (www.twitter.com/MISNetEducation).

As the CEHv7 marketing materials would say “Defend your Network against Hackers.  Master the Hacking Technologies. Become a Certified Ethical Hacker.”

In partnership with Microsoft Philippines, PHP User Group Philippines
presents PHP Developers Summit 2010. We are inviting you to come and join us in this gathering of the country’s best tech-talents, professionals and web developers promoting the use of PHP and open source solutions in the enterprise and schools. Free flowing coffee with lots of freebies and raffle prizes! So what are you waiting for?

Registration starts at 8:00 AM. See you all there! ^_~

Speakers:

Dominick Nowell A. Danao (CEO of Happy Mobile Inc.) – Former VASHead of Sun Cellular. Founder of Pinoymail which he sold to Smart’s Orlando Vea for P100M back in the early 2000s. He is also a Palanca Awardee. He will discuss PHP Development with Yahoo Developer’s Network. He recently won in the Yahoo Open Hack’s Day in Indonesia.
Bing Bryan Tan (President and CEO of Brewed Concepts) – Keynote Speaker
Paolo Alexis Falcone (Senior Developer, Friendster Inc.) – Will discuss PHP Scaling
Alezandra Nicholas (Microsoft Developer Evangelist) – Website spark and Bizspark
Rodney Jao (MCP) – PHP in IIS7 (using Fast CGI) and about PHP and ASP.NET interop via SOAP
Rick Bahague, Jr. (Computer Professionals’ Union) – Windows Cache Extension for PHP
Globe Labs – Globe Labs API

Sponsors:

Microsoft Philippines
Zend
Globe Labs

Limited Special Offer

If you register early and pay within the year 2009, you’ll get a
ticket for only Php 1,000.00 and we’ll give you One (1) FREE Microsoft
limited edition thumb drive.

Registration and Ticket Payment Instructions

Online registration website is currently being tested right now. In
the mean time, you could pre-register by sending your name, position,
company and contact details to chean [ at ] phpugph [ dot ] com and by settling your
ticket payment through bank deposit:

Bank Name: Banco de Oro (BDO)
Account Name: PHP User Group Philippines Inc.
Savings Account No. 290226988
Branch: San Juan Branch

To all who would pay for the event tickets, kindly send me a scanned
copy of the deposit slip for payment confirmation.

Thank you very much.

Truly yours,
Cherrie Ann B. Domingo
President
PHP User Group Philippines Inc.

Email: chean [ at ] phpugph [ dot ] com
Web: http://www.phpugph.com
Mobile: +63917.865.2412
Phone: (02) 975.6976

I’m no security expert, but I think what he did was he uploaded an avatar with a PHP code inside it, found a server/script exploit and ran it. I opened up the avatar (after looking for it for hours) and found this code (see below screenshot). Then he launched the attack from there appending malicious links on a file that is being included everytime SMF draws a page.

A quick Diff on SMF’s base files and our SMF files revealed that a new readme.php was created. And it contained the following:

Decoding that garbled texts reveals that readme.php was run on the browser and that was the main cause of appending links on the Settings.php.

I am still baffled by the fact that some people would do such things. Disrupt service for profit? Well, as for  krisbarteo, yes you’ve succeeded in doing that. Then what? Happy now? If you only have used that smarts and skills on the good stuff, you’d probably be rich by now.

To all PHPugers, we hope that this thing doesn’t happen again even if we all know that the Internet isn’t safe from these crackers. It’s all good. For now.

Login to PHPUGPH now and grab the exclusive promo code. Hurry! This offer expires October 31, 2008 is extended till the end of the year!

Date: August 7, 2008 (Thursday)
Time: 7:30 AM – 5:00 PM
Venue: Isla Ballroom, Tower Wing, EDSA Shangrila

Globe Labs is a new organization within Globe Telecom whose mission is to help bring in the newest future technology services at the earliest market-relevant time. We explore new and future technologies, and partner with developers to create new Internet, wired and wireless applications.

What Globe have in store for you: Learn, Build, Compete and Succeed

• Discover the different opportunities with Globe Labs
• Learn how to use Telco tools and various development platforms to build innovative applications
• Join the Globe Labs Challenge and compete amongst the best

PHP User Group Philippines, Inc., being one of the institution partners of Globe Labs, has been given 200 SLOTS for this upcoming big event.

We are inviting PHPUGPH members to attend. T-SHIRTS designed for PHPUGPH would be given away as freebies plus exciting raffle prizes awaits you…

***FIRST 300 individual registrants gets a GIFT***

Below are some links of articles regarding the event:
From Businessworld (Entreprenews)
http://entreprenews.com.p…in.php?id=062508.gonzalez
From the Inquirer:
http://technology.inquire…gets-3G-mobile-developers
From the Manila Times:
http://www.manilatimes.ne…htimes/20080627tech5.html
From Manila Bulletin:
http://www.mb.com.ph/INFO20080627128372.html
From PCWorld:
http://www.pcworld.com.ph…5&ID=H,485,PWP,PWP-16
From Yugatech:
http://www.yugatech.com/b…pens-globe-labs-division/
From Globe Labs website:
http://www.globelabs.com…./News/Forms/AllItems.aspx

More information here