Grendel, I am overseas, and I am concerned about waking up at 11-12 pm to take the classes, is it possible for you guys to offer recorded sessions available anytime?

The vulnerabilities were a TCP Sequence number Approximation vulnerability CVE-2004-0230

2 instances of Nameserver Processes Recursive Queries

ICMP timestamp response cve 1999-0524

and unencrypted telnet service available

The only one I am familiar with is the Timestamp vulnerability, having remediated it on my PC previously. I attempted to telnet to the device, but didnt have  any luck, the connection appeared to be established but I didnt receive any data on the terminal emulator.

EC-Council offers various self study options, you can order the materials and self study, or you can use their iClass online training, or of course you can take a training course through one of their ATC's. (traditional training vendors, Global Knowledge, Training Camp, Intense School, ect.)

Upside is that taking a course (including their iClass) waves the experience requirement, as long as they are an ATC.

I decided to include one of my routers in my vulnerability scan, I dont know why I didnt think of it earlier... Anyway, it came up with approx 5 vulnerabilities. Now this is a commercial Netgear WGR614v10 router. The scanner detected the OS as Linux, but I am not aware of any way to communicate with the OS outside of the GUI web interface. So how can I re-mediate these vulnerabilities? There is no firmware update available for the device.

I considered trying to load DD-WRT on another device I had at one point but I am unfamiliar with it.. looking at the DDWRT site, it is in progress for v9 of the firmware for this device, I have no idea how well the list or the project is maintained.

Check out this thread: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6560.0/

Welcome to EH.net

You will be able to take v6 for approx 6 months after v7 is launched. Personally I would be careful taking v7 based off of v6 material, if only because the v6 material is focused at older OS'. You may not know the attack vectors for a monern OS that will be tested such as vista/W7.

No south korea...

yeah, but the v7 looks so much better!

The only thing I saw were the names of training providers, not locations, i.e. Global Knowledge, New horizons. But I didnt select anything, so there may have been extra menu's when selected.

I wasnt aware of that! Thanks for the info.

Also the CIW Web Foundations (formerly CIW Associate) cert counts for a year of experience.

I am very frustrated, having started studying for v6 this month, and now v7 is being released during the middle of my busy work time, and im out of the country. Are any of the classes being held international? I'm sure they might put it up for one of the international Hacker Halted events...

I think we have different views of the meaning of de-valued. I generally have a different view of certifications and their value.

Specifically in my post I meant to say that the cert should not loose its value to an individual because of the number of holders. Its like degrees. It happens, but I dont agree with it.

Certs will always loose marketplace value due to the number of holders, a good employer wont pay attention to that, and instead will look for knowedge and experience. I too think that most CEH's will continue to back up their knowledge with practical certs, but I am wary of fully supporting the statement, they give prospective students a bad view of the certs.

Unfortunately no, you are not. However, I would say that they provide a good certification platform. People do learn from their classes and certs. They also offer a degree through their ECU program (I wish they would work an a BS level degree though).

For instance, the Security|5 is an entry level security cert marketed towards companies to assist in employee security awareness. When I say this exam was entry level, I mean it. However, an employee who took the training seriously would be able to work more securely.

The ENSA is a sysadmin network defense cert. and yet it seems to receive less push in the field than the CEH. I personally see network defense as at least as critical than offensive testing. Hense, it is very difficult to find ENSA study material. (My official courseware is outdated)

Price: I would say EC-Council courseware is expensive.  This is to be expected with the massive books that they ship out. But it stopped me from ordering the updated ENSA courseware, and the official CEH material.

I think also that some people have marked on CEH in the past for the images they use in their books and the certs, I think this has been fixed in the major courses.

Ultimatly, The biggest thing for ECC is that I see many professionals have used it (CEH) as a launching point for their security careers. Many of the older versions had negative reviews, but I constantly see CEH as the second cert a pentester should aim for in the pursuit of knowledge.