Aaron Toponce ⚛️ @atoponce@fosstodon.org

EC-Council Deflects After Calls of Most Recent Plagiarism

https://attrition.org/errata/charlatan/ec-council/2021-eccouncil-response-to-plagiarism.html

I'm a metalhead. Not American counter culture metal. I need quality story telling, melody and harmony, speed, and a strong beat. Bands like Iron Maiden, Helloween, Edguy, Dragonforce, etc.

Tonight, I discovered a completely different genre: hardstyle. I'm hooked.

I should test every non-alphabetic character one-by-one and find out which work, and which don't.

I already know "-" doesn't work, and "!" does. 2 down, 30 to go.

Meh. I've got other things to do.

Just so I'm not missing anything, this is the password requirements that are being communicated.

1. "Special characters" means only "!".
2. Change password error says 20 character max.
3. Requirement say 60 character max.
4. 80 characters works.
5. The CAPTCHA is a lie.

Ah, there it is. It appears that the only special character that works, is "!".

$ tr -cd 'a-zA-Z0-9\!' < /dev/urandom | head -c 43; echo
aULDt!oZaEWspUk9hQZL!J!J7HFXIwSRNf79Ss!7mCY

Trying this time in a vanilla Microsoft Edge in Windows 10. Let's see if a CAPTCHA exists.

Nope. Further,

XqTm-54ZUxkKJAi

Doesn't meet the password requirement policy of:

"password length should be 8-60,at least contain a lower case letters(a-z), and uppercase letters(a-z),numbers(0-9) and special characters."

(Grammar and punctuation errors theirs)

Yeah, no. You can't have my phone number.

What CAPTCHA??? My adblocker is even off. There's nothing there.

fapnaj-8iKjit-fufbit-xagsyv

Doesn't meet the password policy.

* lowercase
* uppercase
* digits
* special characters

C'mon EC-COUNCIL, get your shit together.

This is all sorts of broken. If I do a 20 character random ASCII base-94 password, it tells me I am not meeting password requirements.

E.G.: :@,/BkE)Z4xKc~_)M@6E

If I do a 60 character random ASCII base-94 password, it tells me I need to complete the non-existing CAPTCHA.

When you get the confirmation that you passed your exam from EC-Council, you setup an account at their ASPEN service.

It won't let you paste in a password from your password manager. You either have to type it in manually, or let the browser auto-fill.

https://aspen.eccouncil.org/Account/PasswordReset

Definitely had hookers and blow on his brain in his final moments.

https://www.msn.com/en-us/news/world/john-mcafee-found-dead-in-spanish-prison/ar-AALmDVS

Curious if the NSA will ration their water use in Bluffdale, #Utah due to our extreme drought.

From 2014:

"Estimates have ballparked the water usage ... around 1.2 to 1.7 million gallons every day..."

If we're grass shaming, we can start here.

#utpol

https://archive.thinkprogress.org/nsa-tries-to-keep-its-water-use-a-secret-but-drought-stricken-utah-isnt-buying-it-da5c80b5d0f4/

Rewriting the GNU Coreutils in Rust.

https://lwn.net/Articles/857599/

Anyone willing to gown this rabbit hole?

https://web.archive.org/web/*/https://blog.eccouncil.org

"Frameworks such as ATT&CK and D3FEND provide mission-agnostic tools for industry and government to conduct analyses and communicate findings."

https://www.nsa.gov/news-features/press-room/Article/2665993/nsa-funds-development-release-of-d3fend/

#ECCPlagiarism started becoming a thing on Twitter, as there were at least 5 other blog posts by different authors in the community that were found to be plagiarized.

So what did EC-Council do? Take down the entire blog of course!

Is it just me, or does that also tell you they're afraid of discovery?

Here's their statement regard the plagiarism. It's as hollow as you would imagine.

More "ethics" from EC Council.

https://attrition.org/errata/charlatan/ec-council/

Don't get your certs from EC Council.

Not only are they not taken seriously in the security industry (they're garbage), it's clear the organization itself is incapable of following the ethics it teaches.

If you need security certs, get them from SANS.

Let's talk about some recent actions EC Council.

They published a sexist survey about women in cybersecurity. They got called out on it, including Alyssa Miller, a cybersecurity expert.

https://twitter.com/AlyssaM_InfoSec/status/1380492934701838336

She wrote a blog post in December 2020 about being a BISO.

https://alyssasec.com/2020/12/what-is-a-business-information-security-officer

EC Council plagiarized it in March 2021, with no attribution.

https://web.archive.org/web/20210301121829/https://blog.eccouncil.org/business-information-security-officer-biso-all-you-need-to-know/

Called out again? Yup.

https://twitter.com/AlyssaM_InfoSec/status/1406675615109894144

This org that offers 2 certs with "ethical" in their names.