Close to 2,000 Kenyan websites hacked over past year

According to http://www.zone-h.org/archive/filter=1/domain=.co.ke/fulltext=1/page=50 - almost 2,000 Kenyan websites have been hacked between February 2011 and February 2012 to varying degrees ranging from home page defacements, mass defacements and redefacements.
Is it time for us to start seriously talking about how to go about addressing our online security as a national concern?
Regards,
Brian
On Mon, Feb 13, 2012 at 5:54 PM, Brian Munyao Longwe <blongwe@gmail.com> wrote:
Also from Twitter today:
"KCB Group - Informed your Info Sec guy of a Dir Listing and Privilege Escalation vulnerability on your site. No action so far."
Kenya Commercial Bank website continues with known vulnerabilities as their IT security personnel enjoy their fat salaries and benefits - do we *really* have conscientious and professional Info-security personnel in KE?
Brian
On Mon, Feb 13, 2012 at 5:42 PM, Brian Munyao Longwe <blongwe@gmail.com> wrote:
From Twitter today:
"Multiple Vulnerabilities found on Oriental Bank's website. Default configs for the site left shamelessly around."
There really is a problem,
Brian
On Sun, Feb 12, 2012 at 1:29 PM, Brian Munyao Longwe <blongwe@gmail.com> wrote:
...and in other news, Rwanda hosts a cyber-security conference next month...
http://aptantech.com/2012/02/rwanda-to-host-cyber-security-workshop/
Mblayo
On Sat, Feb 11, 2012 at 10:04 PM, Michuki Mwangi <michuki@swiftkenya.com> wrote:
Hi Brian, et al,
On 2/11/12 9:28 PM, Brian Munyao Longwe wrote:
Hey Michuki,
A group calling themselves "Rwandan-Hackers" compromised the Standard Media website yesterday and published online a list of KTN Live members which included username, encrypted password and email addresses, a snippet follows:
So this brings a new perspective to the discussion.
1. The great connectivity that we have has not only exposed us to external threats but also to Internal threats.
2. It also clears the fact that it doesn't matter where your website is hosted since this website is hosted in the US just like the Toyota one.
3. The attack is through an SQL injection which IMHO exposes the depth of our web-developers.
Point 3 above leads me to a conclusion that the CxOs are making the necessary investments. But it looks like the ball is dropped elsewhere.
My 2 cents!
Mich
-- Brian Munyao Longwe e-mail: blongwe@gmail.com cell: +254715964281 blog : http://zinjlog.blogspot.com meta-blog: http://mashilingi.blogspot.com
"Give us clear vision that we may know where to stand and what to stand for, because unless we stand for something, we shall fall for anything."