No organization is 100% secure whether it is government or corporate or even the company which is into security. After the famous HB Gary’s hack yet another security company (EC-Council) got hacked. EC council provides ethical hacking training as per DOD (8570) standard has been hacked last weekend.
A hacker who identified himself as Eugene Belfort - a play on a character from the 1995 film Hackers, compromised the Photo ID and passport credentials belonging to more than 60,000 ethical hackers and other security professionals who got registered with CEH program of EC-Council. Many of them hold positions in government and military as the program is also recognized by Department of Defense 8570
World’s largest telecom and communications equipment manufacturer, HUAWEI is now being probed by cross-department investigation team under the Govt. of India’s orders to look into alleged hacking of BSNL Network.
IT & Communications Minister KilliKriparani has assured the LokSabha on 5th February during the parliament session that it has come to the ministry’s notice that the BSNL Network in Rajahmundry, Andhra Pradesh has been allegedly hacked by the Chinese company and the government has constituted an inter-ministerial team to investigate the matter. Although the said hacking incident reports have been circulating for months, the minister didn’t share any further details in her written reply as to why the government took so many days to probe in and take action on the international giant.
Heartbleed (CVE-2014-0160), the vulnerability was discovered in a software library used in servers, operating systems and email and instant messaging systems and allows anyone to read the memory of systems using vulnerable versions of OpenSSL software.
What is OpenSSL?
OpenSSL is an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols by which email, instant messaging, and some VPNs are kept secure.The vulnerability is called Heartbleed because it's in the OpenSSL implementation of the TLS/DTLS heartbeat extension described in RFC6520, and when it is exploited it can lead to leaks of memory contents from the server to the client and from the client to the server.