Dear all, I have seen a lot of correspondence put on here and cheer our IT fraternity for leading the dialogues / identifying issues in this respect and other issues collectively; as more corporate's in Kenya particularly join the joys of the WWW, some, mostly dealing in e-services and the like, are just about to start experiencing preliminary stages of cyber crime / cyber attacks such as web vandalism,: which does include web site defacing,...Gathering Data: poaching of data that is not securely handled, and the list goes on....As we approach a new information "era" in EA, it is imperative that the relative authorities look into measures to look address information security and accountability...and if I may mention social responsibility measures where applicable.. that would need to be established accordingly... In anycase, wishing all a great end to the week, and happy belated Jamuhuri day. Regards Mburu, Patrick M. Mburu Director of IT & Training Advanced Technology Solutions -Africa Mob: +254737185675 +393476097758 Email:[email protected] [email protected] ----- Original Message ----- From: "Odhiambo Washington" <[email protected]> To: <[email protected]> Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Sent: Tuesday, December 11, 2007 3:35 PM Subject: Re: [kictanet] NSIS website hacked?
On Dec 11, 2007 4:54 PM, John Walubengo <[email protected]> wrote:
--- Odhiambo Washington <[email protected]> wrote:
Hey, Walu, it's just the website, the content of which is for public consumption (and public defacing whenever possible to prove a point). <<<<<
Wash, true, it's just a website and i am definate that there was nothing critical or sensitive on the site...but think about it this way, whoever defaced the site had to gain admininistrator rights on the box and from there he or she could launch an attack onto other probably more sensitive boxes within NSIS(the intranet)...
Fortunately, it was external to NSIS intranet (if there is any, I don't know).
yes, i too checked out and noted their domain (nsis.go.ke) is hosted at wananchi online. what I dont know is whether the content(website) is there as well or is in-house at NSIS which could raise the stakes abit....
Let's just say all's well that ends well. The site was fixed soon after you posted. They just need to audit the security of that webserver thoroughly. Unless this is done, the security hole is very much in place and will be abused again.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Oh My God! They killed init! You Bastards!" --from a /. post
_______________________________________________ kictanet mailing list [email protected] http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: [email protected] Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/patrick.mburu%40gmail.c...