KPMG Report Exposes Major Security Gaps in Register
Listers Not sure whether this was posted earlier. At least 10 security loopholes that could be exploited to manipulate the August 8 General Election have been exposed in an audit report of the country’s voter register. The voter roll lacks mandatory security features and could therefore be easily hacked into and data of the 19.6 million registered voters deleted, added or amended, according to the audit report by KPMG. Read on:- http://theglobe.ng/news/2472 Ali Hussein Principal Hussein & Associates +254 0713 601113 Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim "We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle Sent from my iPad
Hi Ali, This is quite unfortunate. It would be re-assuring to hear from our colleagues at the IEBC who are also on the list the steps they have taken to address this concerns. Thank you Best Regards On 7/14/17, Ali Hussein via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers
Not sure whether this was posted earlier.
At least 10 security loopholes that could be exploited to manipulate the August 8 General Election have been exposed in an audit report of the country’s voter register.
The voter roll lacks mandatory security features and could therefore be easily hacked into and data of the 19.6 million registered voters deleted, added or amended, according to the audit report by KPMG.
Read on:-
Ali Hussein Principal Hussein & Associates +254 0713 601113
Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
@Barrack, Indeed, the gaps leave us quite exposed. Here is my piece on how they can be exploited.
. WALUBENGO: The IEBC’s 'complementary system' is manual, after
| | | | | | | | | | | WALUBENGO: The IEBC’s 'complementary system' is manual, after We have a situation on our hands. The dead voters can still 'wake up' and vote | | | | walu. From: Barrack Otieno via kictanet <kictanet@lists.kictanet.or.ke> To: jwalu@yahoo.com Cc: Barrack Otieno <otieno.barrack@gmail.com> Sent: Friday, July 14, 2017 9:12 AM Subject: Re: [kictanet] KPMG Report Exposes Major Security Gaps in Register Hi Ali, This is quite unfortunate. It would be re-assuring to hear from our colleagues at the IEBC who are also on the list the steps they have taken to address this concerns. Thank you Best Regards On 7/14/17, Ali Hussein via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers
Not sure whether this was posted earlier.
At least 10 security loopholes that could be exploited to manipulate the August 8 General Election have been exposed in an audit report of the country’s voter register.
The voter roll lacks mandatory security features and could therefore be easily hacked into and data of the 19.6 million registered voters deleted, added or amended, according to the audit report by KPMG.
Read on:-
Ali Hussein Principal Hussein & Associates +254 0713 601113
Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Okay now we have a problem IEBC technical team can you please respond to this regards Barry Macharia
On 14 Jul 2017, at 07:20, Ali Hussein via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers
Not sure whether this was posted earlier.
At least 10 security loopholes that could be exploited to manipulate the August 8 General Election have been exposed in an audit report of the country’s voter register.
The voter roll lacks mandatory security features and could therefore be easily hacked into and data of the 19.6 million registered voters deleted, added or amended, according to the audit report by KPMG.
Read on:-
http://theglobe.ng/news/2472 <http://theglobe.ng/news/2472>
Ali Hussein Principal Hussein & Associates +254 0713 601113
Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim <http://ke.linkedin.com/in/alihkassim> "We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/barry.macharia%40me.co...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Thanks @Ali for the share. This is one big pile of problems. 78% of data transferred manually? What surprises me more is "KPMG observed that there are two active default administrator accounts whose default passwords have not been changed." I think these are the security basics even no technical person knows. In my opinion its either we are not ready at all or IEBC does not know exactly what they are doing with this system. @Barrack I think you are right IEBC needs to respond on what its actually doing to resolve these issues. On Fri, Jul 14, 2017 at 11:02 AM, awatila--- via kictanet < kictanet@lists.kictanet.or.ke> wrote:
in today's paper iebc talked of setting up a dr site to mitigate some of the identied risks
On Jul 14, 2017 8:58 AM, Barry Macharia via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Okay now we have a problem IEBC technical team can you please respond to this
regards Barry Macharia
On 14 Jul 2017, at 07:20, Ali Hussein via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Listers
Not sure whether this was posted earlier.
At least 10 security loopholes that could be exploited to manipulate the August 8 General Election have been exposed in an audit report of the country’s voter register.
The voter roll lacks mandatory security features and could therefore be easily hacked into and data of the 19.6 million registered voters deleted, added or amended, according to the audit report by KPMG.
Read on:- http://theglobe.ng/news/2472
*Ali Hussein* *Principal* *Hussein & Associates* +254 0713 601113
Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/barry.macharia%40me.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/toilemgodwin%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Kind Regards, Toilem Poriot Godwin *Be not afraid of greatness. Some are born great, some achieve greatness, and some have greatness thrust upon ‘em — WILLIAM SHAKESPEARE*
Thanks for sharing this Ali, and to echo Barracks comments this is quite worrisome. I would also like to know what IEBC is currently doing to address the security gaps identified. Regards, Sylvia From: "Ali Hussein via kictanet" <kictanet@lists.kictanet.or.ke> To: smusalagani@hivos.org Cc: "Ali Hussein" <ali@hussein.me.ke> Sent: Friday, 14 July, 2017 07:20:22 Subject: [kictanet] KPMG Report Exposes Major Security Gaps in Register Listers Not sure whether this was posted earlier. At least 10 security loopholes that could be exploited to manipulate the August 8 General Election have been exposed in an audit report of the country’s voter register. The voter roll lacks mandatory security features and could therefore be easily hacked into and data of the 19.6 million registered voters deleted, added or amended, according to the audit report by KPMG. Read on:- http://theglobe.ng/news/2472 Ali Hussein Principal Hussein & Associates +254 0713 601113 Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim "We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle Sent from my iPad _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/smusalagani%40hivos.or... The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
participants (7)
-
Ali Hussein -
awatila@yahoo.co.uk -
Barrack Otieno -
Barry Macharia -
Sylvia Musalagani -
Toilem Godwin -
Walubengo J