On Dec 11, 2007 4:54 PM, John Walubengo <jwalu@yahoo.com> wrote:
--- Odhiambo Washington <odhiambo@gmail.com> wrote:
Hey, Walu, it's just the website, the content of which is for public consumption (and public defacing whenever possible to prove a point). <<<<<
Wash, true, it's just a website and i am definate that there was nothing critical or sensitive on the site...but think about it this way, whoever defaced the site had to gain admininistrator rights on the box and from there he or she could launch an attack onto other probably more sensitive boxes within NSIS(the intranet)...
Fortunately, it was external to NSIS intranet (if there is any, I don't know).
yes, i too checked out and noted their domain (nsis.go.ke) is hosted at wananchi online. what I dont know is whether the content(website) is there as well or is in-house at NSIS which could raise the stakes abit....
Let's just say all's well that ends well. The site was fixed soon after you posted. They just need to audit the security of that webserver thoroughly. Unless this is done, the security hole is very much in place and will be abused again. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Oh My God! They killed init! You Bastards!" --from a /. post