top tier security website hacked, snowden passport leaked, lulz etc

[sonatine]

so www.ec-council.org belongs to the organization responsible for certifying information security professionals with, for example, the CEH (Certified Ethical Hacker) cert, which is certainly considered desirable by many employers, although it enjoys far less prestige among security professionals themselves.

reason being; its kiiiiiind of a bullshit cert. very little of the knowledge certification implies is contemporary or street level, so the certification basically turns into an exersize in memorization, as opposed to the CISA or CISSP certs, which actually require a strong knowledge of management and policy to obtain, or certs like the OSCP which require a demonstrated grasp of offensive tools and tactics to obtain. mind you, its not the worst cert out there, but it implies a level of competence that it fails to deliver on, in some opinions, including my own.

anyway, the question of whether or not ec-council.org certification is valid or not is now moot, since someone *broke into their servers* and harvested thousands of documents, including Snowden's passport (see pic below) and documents/passports belonging to everyone who ever applied for the certification.




to quote the attacker:

“owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/ -Eugene Belford
P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials”

[anonamoose]

so www.ec-council.org belongs to the organization responsible for certifying information security professionals with, for example, the CEH (Certified Ethical Hacker) cert, which is certainly considered desirable by many employers, although it enjoys far less prestige among security professionals themselves.

reason being; its kiiiiiind of a bullshit cert. very little of the knowledge certification implies is contemporary or street level, so the certification basically turns into an exersize in memorization, as opposed to the CISA or CISSP certs, which actually require a strong knowledge of management and policy to obtain, or certs like the OSCP which require a demonstrated grasp of offensive tools and tactics to obtain. mind you, its not the worst cert out there, but it implies a level of competence that it fails to deliver on, in some opinions, including my own.

anyway, the question of whether or not ec-council.org certification is valid or not is now moot, since someone *broke into their servers* and harvested thousands of documents, including Snowden's passport (see pic below) and documents/passports belonging to everyone who ever applied for the certification.




to quote the attacker:

“owned by certified unethical software security professional
Obligatory link: http://attrition.org/errata/charlatan/ec-council/ -Eugene Belford
P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials”

Don't know much but I wouldn't really consider this a "hack" in traditional sense

The individual in question is a 15 year old Finnish national by the name of "Julius Kivimaki. Julius socially engineered the DNS provider over the telephone, and then redirected the website to his Ecatel server. The phrase "htp6" in the HTML source is a reference to the hacking group "Hack the Planet", which Julius was previously kicked out of. Julius is on the radar of the FBI, but the FBI refuses to do anything to stop this terrorist, because of his age.

[sonatine]

holy shit youre dumb.

i mean really, in the traditional sense.

dude is sitting on thousands of government passports, but its not a hack because he redirected dns as well?

dont bother to take this personal because this wasnt a post, in the traditional sense.

wow.

[sonatine]

dont even bother responding here. if you wish to discuss the matter you can do it on tydepoker.com.

im done.



DONE.

[anonamoose]

holy shit youre dumb.

i mean really, in the traditional sense.

dude is sitting on thousands of government passports, but its not a hack because he redirected dns as well?

dont bother to take this personal because this wasnt a post, in the traditional sense.

wow.

Yeah, I could do that too if the DNS provider handed me all the information. Real hard. I guess being able to use google makes me a hacker.

[sonatine]

ok that does it.