ummm, a CIRT is a Computer Emergency RESPONSE Team. They respond in emergencies (like this), so yes, their mandate is essentially "reactive". -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel On 1/17/12, Odhiambo Washington <odhiambo@gmail.com> wrote:

Is it Dr. Ndemo the one responsible for the govt websites, or being the PS makes him overall in-charge? Sorry, folks, I simply don't understand this. Now that you have introduced this thing called CIRT (I am hearing about it for the first time!), I have looked up what their mandate is and honestly, I don't see how it comes to this, unless their mandate is "reactive" response. From http://www.cck.go.ke/industry/information_security/certification_service_pro..., I can see this:

*Vision* To make the Internet secure, to develop a world-class security and information base and to become a publicly accessible forum for Internet and computer security.

*Mission* To assist in the development of the Kenya information Society by making the use of computers and the Internet safer.

*Stakeholders* In executing its mandate, the KE-CIRT works with various local stakeholders including various government agencies, the private sector, academia and civil society. The current KE-CIRT stakeholders are as follows: • The various law enforcement agencies; • The Directorate of E-Government; • The Kenya ICT Board; • The Kenya Network Information Centre; • The Telecommunication Service Providers Association of Kenya; • The Kenya Education Network; • The Central Bank of Kenya.

And my conclusion is that the KE-CIRT is a waste of public funds unless I can be given some proof of the work that they have been doing to achieve their "Vision". Their "Mission" is simply a decoration on the wall.

Actually, I don't see what CIRT has got to do with the defacing of the websites. If they have a mandate to audit the development and the hosting environment of these websites, then it simply needs to be disbanded, like yesterday because it is obvious they do not have the capacity.

On Tue, Jan 17, 2012 at 17:50, James Richu <james@jimcomptech.com> wrote:

...

Dear Dr Ndemo,

Can you kindly explain this.........

An Indonesion hacker known as *direxer* has taken down 103 government of Kenya websites overnight. The hacker is part of an online Indonesian security forum known as *Forum Code Security* and says he took down the websites following tutorials from the forum. Such tutorials usually exploit programming errors in code, known as bugs, which have not been fixed.

The hacker appears to have a website at http://www.direxer.com/ though this has not been updated to reflect the hacking. In a message in the forum, the hacker says

*show off by me...*

*thanks for tutorial in www.code-security.com all...*

*i have exploit from cs web, and i attacking to server Goverment Kenya,,,, and then,,, success full... this is deface in this night...*

The government has moved fast to take the affected websites offline through a Cyber Incidence Response Team(CIRT) based at the Communications Commission of Kenya. The CIRT was formed to handle such situations and ensures Kenya's security in cyber space. Vincent Ngundi who heads CIRT has responded with the following comment "*We're on it. Thanks for the heads-up and comments*" in Kenya's *Security Forum* where the news first broke.

The government normally hosts several websites in one server at The Treasury thus compromising the server may expose several websites to a hacker. The Administration Police website has been hacked several times in the recent past. At the same time, most of the websites hacked appear to have been running the Joomla Content Management system,

1. http://www.administrationpolice.go.ke/index.html 2. http://www.aideffectiveness.go.ke/index.html 3. http://www.bungomacounty.go.ke/index.html 4. http://www.businesslicense.go.ke/index.html 5. http://www.cak.go.ke/index.html 6. http://www.commstaskforce.go.ke/index.html 7. http://www.cooperative.go.ke/index.html 8. http://www.crd.go.ke/index.html 9. http://www.crisisrcentre.go.ke/index.html 10. http://www.ditkenya.go.ke/index.html 11. http://www.doshs.go.ke/index.html 12. http://www.economicstimulus.go.ke/index.html 13. http://www.eldoretmunicipal.go.ke/index.html 14. http://www.emu.go.ke/index.html 15. http://www.education.go.ke/index.html 16. http://www.environment.go.ke/index.html 17. http://www.filmservices.go.ke/index.html 18. http://www.fisheries.go.ke/index.html 19. http://www.forestryandwildlife.go.ke/index.html 20. http://www.gender.go.ke/index.html 21. http://www.governmentpress.go.ke/index.html 22. http://www.greenenergy.go.ke/index.html 23. http://www.housing.go.ke/index.html 24. http://www.ifmis.go.ke/index.html 25. http://www.immigration.go.ke/index.html 26. http://www.industrialization.go.ke/index.html 27. http://www.isc.go.ke/index.html 28. http://www.iprs.go.ke/index.html 29. http://www.itentambachtowncouncil.go.ke/index.html 30. http://www.itmis.go.ke/index.html 31. http://www.kenao.go.ke/index.html 32. http://www.kapsabetmunicipal.go.ke/index.html 33. http://www.kenyayearbook.go.ke/index.html 34. http://www.kerugoyakutusmunicipal.go.ke/index.html 35. http://www.kesi.go.ke/index.html 36. http://www.kipi.go.ke/index.html 37. http://www.kisumucountycouncil.go.ke/index.html 38. http://www.kirinyagacountycouncil.go.ke/index.html 39. http://www.kitalemunicipal.go.ke/index.html 40. http://www.kituimunicipal.go.ke/index.html 41. http://www.kkv.go.ke/index.html 42. http://www.knfparms.go.ke/index.html 43. http://www.knsdi.go.ke/index.html 44. http://www.kntc.go.ke/index.html 45. http://www.laikipiacountycouncil.go.ke/index.html 46. http://www.lands.go.ke/index.html 47. http://www.leatherdevelopmentcouncil.go.ke/index.html 48. http://www.limurumunicipal.go.ke/index.html 49. http://www.livestock.go.ke/index.html 50. http://www.lodwarmunicipal.go.ke/index.html 51. http://www.maraguacountycouncil.go.ke/index.html 52. http://www.mariakanitown.go.ke/index.html 53. http://www.maurestoration.go.ke/index.html 54. http://www.migoricountycouncil.go.ke/index.html 55. http://www.minesgeology.go.ke/index.html 56. http://www.mirp.go.ke/index.html 57. http://www.monitoring.go.ke/index.html 58. http://www.moyalecountycouncil.go.ke/index.html 59. http://www.murangacounty.go.ke/index.html 60. http://www.murangamunicipal.go.ke/index.html 61. http://www.nairobicity.go.ke/index.html 62. http://www.naivashamunicipal.go.ke/index.html 63. http://www.nakurucounty.go.ke/index.html 64. http://www.nationaldisaster.go.ke/index.html 65. http://www.nationalheritage.go.ke/index.html 66. http://www.nccs.go.ke/index.html 67. http://www.nec.go.ke/index.html 68. http://www.northernkenya.go.ke/index.html 69. http://www.nyandaruacountycouncil.go.ke/index.html 70. http://www.othayatowncouncil.go.ke/index.html 71. http://www.pec.go.ke/index.html 72. http://www.pfmr.go.ke/index.html 73. http://www.pghnyeri.go.ke/index.html 74. http://www.pharmacy.go.ke/index.html 75. http://www.prisons.go.ke/index.html 76. http://www.psrpc.go.ke/index.html 77. http://www.publichealth.go.ke/index.html 78. http://www.publicservice.go.ke/index.html 79. http://www.publicworks.go.ke/index.html 80. http://www.reformskenya.go.ke/index.html 81. http://www.refugees.go.ke/index.html 82. http://www.regional-dev.go.ke/index.html 83. http://www.roads.go.ke/index.html 84. http://www.rprlgsp.go.ke/index.html 85. http://www.scat.go.ke/index.html 86. http://www.scienceandtechnology.go.ke/index.html 87. http://www.singlewindow.go.ke/index.html 88. http://www.sprogrammes.go.ke/index.html 89. http://www.tabakatown.go.ke/index.html 90. http://www.tanathi.go.ke/index.html 91. http://www.tfdg.go.ke/index.html 92. http://www.technologycentre.ac.ke/index.html 93. http://www.theenergytribunal.go.ke/index.html 94. http://www.thekenyawewant.go.ke/index.html 95. http://www.thikamunicipal.go.ke/index.html 96. http://www.transformingkenya.go.ke/index.html 97. http://www.treasury.go.ke/index.html 98. http://www.ugunjatown.go.ke/index.html 99. http://www.ukwalatown.go.ke/index.html 100. http://www.westernkenya.go.ke/index.html 101. http://www.vihigamunicipal.go.ke/index.html 102. http://www.works.go.ke/index.html 103. http://www.youthaffairs.go.ke/index.html

On Tue, Jan 17, 2012 at 12:00 PM, <kictanet-request@lists.kictanet.or.ke>wrote:

...

Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke

To subscribe or unsubscribe via the World Wide Web, visit http://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke

You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke

When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..."

Today's Topics:

1. Re: Reality-on Media (bitange@jambo.co.ke)

----------------------------------------------------------------------

Message: 1 Date: Tue, 17 Jan 2012 07:28:07 +0000 From: bitange@jambo.co.ke To: "Pamela" <pamela@cardiacimplants.com>, kictanet-bounces+bitange=jambo.co.ke@lists.kictanet.or.ke Cc: 'KICTAnet ICT Policy Discussions' <kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Reality-on Media Message-ID:

<1350874180-1326785244-cardhu_decombobulator_blackberry.rim.net-83781638-@b27.c2.bise7.blackberry

...

Content-Type: text/plain; charset="Windows-1252"

In my view, you can tell if an economy is a middle income or not by checking the availability of toilet paper in the bathroons especially public toilets.

There is a very high correlation of income and such essentials. In developing countries you hardly get toilet at it is stolen by the have nots. Kenya flip flops between low income and lower middle income status. That is why sometimes you get the toilet paper. The World Bank definition is too complex for ordinary people to understand. Take your own sample when you travel and for sure my model works.

Ndemo.

Sent from my BlackBerry?

-----Original Message----- From: "Pamela" <pamela@cardiacimplants.com> Sender: kictanet-bounces+bitange=jambo.co.ke@lists.kictanet.or.keDate: Mon, 16 Jan 2012 16:07:51 To: <bitange@jambo.co.ke> Cc: 'KICTAnet ICT Policy Discussions'<kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Reality-on Media

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/bitange%40jambo.co.ke

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

------------------------------

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

End of kictanet Digest, Vol 56, Issue 53 ****************************************

-- * * *

------------------------ Jim Comptech Consultants ltd. Tel: 254 20 2503637, 254 716 852202, 254 735 195969 Occidental Plaza, 4th Flr., Muthithi Rd. Westlands. P.O.Box 73639 - 00200, Nairobi, Kenya.** http://www.jimcomptech.com*

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email.

And that is in conflict with their "Vision" then, otherwise it means theirs is to sit and only "react" in order "To make the Internet secure". Okay, let them have that. How about the "*to develop a world-class security and information base and to become a publicly accessible forum for Internet and computer security*."?? Is there anything like that they have done? I do realize the issue here was about .go.ke websites being defaced. So is it the job of this CIRT to clean the dogs*^t after the dog? :-) On Tue, Jan 17, 2012 at 18:16, McTim <dogwallah@gmail.com> wrote:

ummm, a CIRT is a Computer Emergency RESPONSE Team.

They respond in emergencies (like this), so yes, their mandate is essentially "reactive".

-- Cheers,

McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel

...

Is it Dr. Ndemo the one responsible for the govt websites, or being the PS makes him overall in-charge? Sorry, folks, I simply don't understand

On 1/17/12, Odhiambo Washington <odhiambo@gmail.com> wrote: this.

...

Now that you have introduced this thing called CIRT (I am hearing about it for the first time!), I have looked up what their mandate is and honestly, I don't see how it comes to this, unless their mandate is "reactive" response. From

...

I can see this:

*Vision* To make the Internet secure, to develop a world-class security and information base and to become a publicly accessible forum for Internet and computer security.

*Mission* To assist in the development of the Kenya information Society by making

http://www.cck.go.ke/industry/information_security/certification_service_pro... , the

...

use of computers and the Internet safer.

*Stakeholders* In executing its mandate, the KE-CIRT works with various local stakeholders including various government agencies, the private sector, academia and civil society. The current KE-CIRT stakeholders are as follows: • The various law enforcement agencies; • The Directorate of E-Government; • The Kenya ICT Board; • The Kenya Network Information Centre; • The Telecommunication Service Providers Association of Kenya; • The Kenya Education Network; • The Central Bank of Kenya.

And my conclusion is that the KE-CIRT is a waste of public funds unless I can be given some proof of the work that they have been doing to achieve their "Vision". Their "Mission" is simply a decoration on the wall.

Actually, I don't see what CIRT has got to do with the defacing of the websites. If they have a mandate to audit the development and the hosting environment of these websites, then it simply needs to be disbanded, like yesterday because it is obvious they do not have the capacity.

On Tue, Jan 17, 2012 at 17:50, James Richu <james@jimcomptech.com> wrote:

...

Dear Dr Ndemo,

Can you kindly explain this.........

An Indonesion hacker known as *direxer* has taken down 103 government of Kenya websites overnight. The hacker is part of an online Indonesian security forum known as *Forum Code Security* and says he took down the websites following tutorials from the forum. Such tutorials usually exploit programming errors in code, known as bugs, which have not been fixed.

The hacker appears to have a website at http://www.direxer.com/ though this has not been updated to reflect the hacking. In a message in the forum, the hacker says

*show off by me...*

*thanks for tutorial in www.code-security.com all...*

*i have exploit from cs web, and i attacking to server Goverment Kenya,,,, and then,,, success full... this is deface in this night...*

The government has moved fast to take the affected websites offline through a Cyber Incidence Response Team(CIRT) based at the Communications Commission of Kenya. The CIRT was formed to handle such situations and ensures Kenya's security in cyber space. Vincent Ngundi who heads CIRT has responded with the following comment "*We're on it. Thanks for the heads-up and comments*" in Kenya's *Security Forum* where the news first broke.

The government normally hosts several websites in one server at The Treasury thus compromising the server may expose several websites to a hacker. The Administration Police website has been hacked several times in the recent past. At the same time, most of the websites hacked appear to have been running the Joomla Content Management system,

1. http://www.administrationpolice.go.ke/index.html 2. http://www.aideffectiveness.go.ke/index.html 3. http://www.bungomacounty.go.ke/index.html 4. http://www.businesslicense.go.ke/index.html 5. http://www.cak.go.ke/index.html 6. http://www.commstaskforce.go.ke/index.html 7. http://www.cooperative.go.ke/index.html 8. http://www.crd.go.ke/index.html 9. http://www.crisisrcentre.go.ke/index.html 10. http://www.ditkenya.go.ke/index.html 11. http://www.doshs.go.ke/index.html 12. http://www.economicstimulus.go.ke/index.html 13. http://www.eldoretmunicipal.go.ke/index.html 14. http://www.emu.go.ke/index.html 15. http://www.education.go.ke/index.html 16. http://www.environment.go.ke/index.html 17. http://www.filmservices.go.ke/index.html 18. http://www.fisheries.go.ke/index.html 19. http://www.forestryandwildlife.go.ke/index.html 20. http://www.gender.go.ke/index.html 21. http://www.governmentpress.go.ke/index.html 22. http://www.greenenergy.go.ke/index.html 23. http://www.housing.go.ke/index.html 24. http://www.ifmis.go.ke/index.html 25. http://www.immigration.go.ke/index.html 26. http://www.industrialization.go.ke/index.html 27. http://www.isc.go.ke/index.html 28. http://www.iprs.go.ke/index.html 29. http://www.itentambachtowncouncil.go.ke/index.html 30. http://www.itmis.go.ke/index.html 31. http://www.kenao.go.ke/index.html 32. http://www.kapsabetmunicipal.go.ke/index.html 33. http://www.kenyayearbook.go.ke/index.html 34. http://www.kerugoyakutusmunicipal.go.ke/index.html 35. http://www.kesi.go.ke/index.html 36. http://www.kipi.go.ke/index.html 37. http://www.kisumucountycouncil.go.ke/index.html 38. http://www.kirinyagacountycouncil.go.ke/index.html 39. http://www.kitalemunicipal.go.ke/index.html 40. http://www.kituimunicipal.go.ke/index.html 41. http://www.kkv.go.ke/index.html 42. http://www.knfparms.go.ke/index.html 43. http://www.knsdi.go.ke/index.html 44. http://www.kntc.go.ke/index.html 45. http://www.laikipiacountycouncil.go.ke/index.html 46. http://www.lands.go.ke/index.html 47. http://www.leatherdevelopmentcouncil.go.ke/index.html 48. http://www.limurumunicipal.go.ke/index.html 49. http://www.livestock.go.ke/index.html 50. http://www.lodwarmunicipal.go.ke/index.html 51. http://www.maraguacountycouncil.go.ke/index.html 52. http://www.mariakanitown.go.ke/index.html 53. http://www.maurestoration.go.ke/index.html 54. http://www.migoricountycouncil.go.ke/index.html 55. http://www.minesgeology.go.ke/index.html 56. http://www.mirp.go.ke/index.html 57. http://www.monitoring.go.ke/index.html 58. http://www.moyalecountycouncil.go.ke/index.html 59. http://www.murangacounty.go.ke/index.html 60. http://www.murangamunicipal.go.ke/index.html 61. http://www.nairobicity.go.ke/index.html 62. http://www.naivashamunicipal.go.ke/index.html 63. http://www.nakurucounty.go.ke/index.html 64. http://www.nationaldisaster.go.ke/index.html 65. http://www.nationalheritage.go.ke/index.html 66. http://www.nccs.go.ke/index.html 67. http://www.nec.go.ke/index.html 68. http://www.northernkenya.go.ke/index.html 69. http://www.nyandaruacountycouncil.go.ke/index.html 70. http://www.othayatowncouncil.go.ke/index.html 71. http://www.pec.go.ke/index.html 72. http://www.pfmr.go.ke/index.html 73. http://www.pghnyeri.go.ke/index.html 74. http://www.pharmacy.go.ke/index.html 75. http://www.prisons.go.ke/index.html 76. http://www.psrpc.go.ke/index.html 77. http://www.publichealth.go.ke/index.html 78. http://www.publicservice.go.ke/index.html 79. http://www.publicworks.go.ke/index.html 80. http://www.reformskenya.go.ke/index.html 81. http://www.refugees.go.ke/index.html 82. http://www.regional-dev.go.ke/index.html 83. http://www.roads.go.ke/index.html 84. http://www.rprlgsp.go.ke/index.html 85. http://www.scat.go.ke/index.html 86. http://www.scienceandtechnology.go.ke/index.html 87. http://www.singlewindow.go.ke/index.html 88. http://www.sprogrammes.go.ke/index.html 89. http://www.tabakatown.go.ke/index.html 90. http://www.tanathi.go.ke/index.html 91. http://www.tfdg.go.ke/index.html 92. http://www.technologycentre.ac.ke/index.html 93. http://www.theenergytribunal.go.ke/index.html 94. http://www.thekenyawewant.go.ke/index.html 95. http://www.thikamunicipal.go.ke/index.html 96. http://www.transformingkenya.go.ke/index.html 97. http://www.treasury.go.ke/index.html 98. http://www.ugunjatown.go.ke/index.html 99. http://www.ukwalatown.go.ke/index.html 100. http://www.westernkenya.go.ke/index.html 101. http://www.vihigamunicipal.go.ke/index.html 102. http://www.works.go.ke/index.html 103. http://www.youthaffairs.go.ke/index.html

On Tue, Jan 17, 2012 at 12:00 PM, <kictanet-request@lists.kictanet.or.ke>wrote:

...

Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke

To subscribe or unsubscribe via the World Wide Web, visit http://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke

You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke

When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..."

Today's Topics:

1. Re: Reality-on Media (bitange@jambo.co.ke)

----------------------------------------------------------------------

Message: 1 Date: Tue, 17 Jan 2012 07:28:07 +0000 From: bitange@jambo.co.ke To: "Pamela" <pamela@cardiacimplants.com>, kictanet-bounces+bitange=jambo.co.ke@lists.kictanet.or.ke Cc: 'KICTAnet ICT Policy Discussions' <kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Reality-on Media Message-ID:

<1350874180-1326785244-cardhu_decombobulator_blackberry.rim.net-83781638-@b27.c2.bise7.blackberry

...

...

Content-Type: text/plain; charset="Windows-1252"

In my view, you can tell if an economy is a middle income or not by checking the availability of toilet paper in the bathroons especially public toilets.

There is a very high correlation of income and such essentials. In developing countries you hardly get toilet at it is stolen by the have nots. Kenya flip flops between low income and lower middle income status. That is why sometimes you get the toilet paper. The World Bank definition is too complex for ordinary people to understand. Take your own sample when you travel and for sure my model works.

Ndemo.

Sent from my BlackBerry?

-----Original Message----- From: "Pamela" <pamela@cardiacimplants.com> Sender: kictanet-bounces+bitange=jambo.co.ke@lists.kictanet.or.keDate: Mon, 16 Jan 2012 16:07:51 To: <bitange@jambo.co.ke> Cc: 'KICTAnet ICT Policy Discussions'<kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Reality-on Media

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at

http://lists.kictanet.or.ke/mailman/options/kictanet/bitange%40jambo.co.ke

...

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy,

do

...

not spam, do not market your wares or qualifications.

------------------------------

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

End of kictanet Digest, Vol 56, Issue 53 ****************************************

-- * * *

------------------------ Jim Comptech Consultants ltd. Tel: 254 20 2503637, 254 716 852202, 254 735 195969 Occidental Plaza, 4th Flr., Muthithi Rd. Westlands. P.O.Box 73639 - 00200, Nairobi, Kenya.** http://www.jimcomptech.com*

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at

http://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com

...

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and

bandwidth,

...

share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email.

-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email.

Harry I agree that a response to this matter is necessary. Lets allow a representative from the Directorate to 'present themselves' before we can issue 'summons to appear'. I am sure we will get a response in the morning. Lets see how this goes. RgdsGrace ----------------------------------------------------------------------------------- If you have the strength to survive, you have the power to succeed. Life is all about choices we make depending upon the situation we are in. Go forth and rule the World! From: harry@comtelsys.co.ke Date: Tue, 17 Jan 2012 20:09:45 +0300 Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight CC: kictanet@lists.kictanet.or.ke To: ggithaiga@hotmail.com Maybe Grace, our convener can just go right ahead and issue summons-to-appear to the relevant-in-charge to show up on this forum, as we are wont to do as per our practice. Then, clearly, some understanding and constructive debate to delve into the happenings on the ground will go a long way to remedy, improve and innovate – in a way at least to do something about this andsecure our cyberspace.. It’s dangerously wild out there.. Harry From: kictanet-bounces+harry=comtelsys.co.ke@lists.kictanet.or.ke [mailto:kictanet-bounces+harry=comtelsys.co.ke@lists.kictanet.or.ke] On Behalf Of Odhiambo Washington Sent: Tuesday, January 17, 2012 6:33 PM To: harry@comtelsys.co.ke Cc: KICTAnet ICT Policy Discussions Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight And that is in conflict with their "Vision" then, otherwise it means theirs is to sit and only "react" in order "To make the Internet secure". Okay, let them have that. How about the "to develop a world-class security and information base and to become a publicly accessible forum for Internet and computer security."?? Is there anything like that they have done? I do realize the issue here was about .go.ke websites being defaced. So is it the job of this CIRT to clean the dogs*^t after the dog? :-) On Tue, Jan 17, 2012 at 18:16, McTim <dogwallah@gmail.com> wrote:ummm, a CIRT is a Computer Emergency RESPONSE Team. They respond in emergencies (like this), so yes, their mandate is essentially "reactive". -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel On 1/17/12, Odhiambo Washington <odhiambo@gmail.com> wrote:

Is it Dr. Ndemo the one responsible for the govt websites, or being the PS makes him overall in-charge? Sorry, folks, I simply don't understand this. Now that you have introduced this thing called CIRT (I am hearing about it for the first time!), I have looked up what their mandate is and honestly, I don't see how it comes to this, unless their mandate is "reactive" response. From http://www.cck.go.ke/industry/information_security/certification_service_pro..., I can see this:

...

*Vision*> To make the Internet secure, to develop a world-class security and information base and to become a publicly accessible forum for Internet and computer security. *Mission*> To assist in the development of the Kenya information Society by making the use of computers and the Internet safer. *Stakeholders*> In executing its mandate, the KE-CIRT works with various local stakeholders including various government agencies, the private sector, academia and civil society. The current KE-CIRT stakeholders are as follows: • The various law enforcement agencies; • The Directorate of E-Government; • The Kenya ICT Board; • The Kenya Network Information Centre; • The Telecommunication Service Providers Association of Kenya; • The Kenya Education Network; • The Central Bank of Kenya.

And my conclusion is that the KE-CIRT is a waste of public funds unless I can be given some proof of the work that they have been doing to achieve their "Vision". Their "Mission" is simply a decoration on the wall.

Actually, I don't see what CIRT has got to do with the defacing of the websites. If they have a mandate to audit the development and the hosting environment of these websites, then it simply needs to be disbanded, like yesterday because it is obvious they do not have the capacity.

On Tue, Jan 17, 2012 at 17:50, James Richu <james@jimcomptech.com> wrote:

...

Dear Dr Ndemo,

...

...

An Indonesion hacker known as *direxer* has taken down 103 government of>> Kenya websites overnight. The hacker is part of an online Indonesian>> security forum known as *Forum Code Security* and says he took down the>> websites following tutorials from the forum. Such tutorials usually exploit

Can you kindly explain this......... programming errors in code, known as bugs, which have not been fixed.

The hacker appears to have a website at http://www.direxer.com/ though this has not been updated to reflect the hacking. In a message in the forum, the hacker says

...

...

*show off by me...*

*thanks for tutorial in www.code-security.com all...*

*i have exploit from cs web, and i attacking to server Goverment Kenya,,,, and then,,, success full... this is deface in this night...*>> The government has moved fast to take the affected websites offline through a Cyber Incidence Response Team(CIRT) based at the Communications Commission of Kenya. The CIRT was formed to handle such situations and ensures Kenya's security in cyber space. Vincent Ngundi who heads CIRT has>> responded with the following comment "*We're on it. Thanks for the heads-up and comments*" in Kenya's *Security Forum* where the news first>> broke.

...

...

1. http://www.administrationpolice.go.ke/index.html

The government normally hosts several websites in one server at The Treasury thus compromising the server may expose several websites to a hacker. The Administration Police website has been hacked several times in the recent past. At the same time, most of the websites hacked appear to have been running the Joomla Content Management system, 2. http://www.aideffectiveness.go.ke/index.html 3. http://www.bungomacounty.go.ke/index.html 4. http://www.businesslicense.go.ke/index.html 5. http://www.cak.go.ke/index.html 6. http://www.commstaskforce.go.ke/index.html 7. http://www.cooperative.go.ke/index.html 8. http://www.crd.go.ke/index.html 9. http://www.crisisrcentre.go.ke/index.html 10. http://www.ditkenya.go.ke/index.html 11. http://www.doshs.go.ke/index.html 12. http://www.economicstimulus.go.ke/index.html 13. http://www.eldoretmunicipal.go.ke/index.html 14. http://www.emu.go.ke/index.html 15. http://www.education.go.ke/index.html 16. http://www.environment.go.ke/index.html 17. http://www.filmservices.go.ke/index.html 18. http://www.fisheries.go.ke/index.html 19. http://www.forestryandwildlife.go.ke/index.html 20. http://www.gender.go.ke/index.html 21. http://www.governmentpress.go.ke/index.html 22. http://www.greenenergy.go.ke/index.html 23. http://www.housing.go.ke/index.html 24. http://www.ifmis.go.ke/index.html 25. http://www.immigration.go.ke/index.html 26. http://www.industrialization.go.ke/index.html 27. http://www.isc.go.ke/index.html 28. http://www.iprs.go.ke/index.html 29. http://www.itentambachtowncouncil.go.ke/index.html 30. http://www.itmis.go.ke/index.html 31. http://www.kenao.go.ke/index.html 32. http://www.kapsabetmunicipal.go.ke/index.html 33. http://www.kenyayearbook.go.ke/index.html 34. http://www.kerugoyakutusmunicipal.go.ke/index.html 35. http://www.kesi.go.ke/index.html 36. http://www.kipi.go.ke/index.html 37. http://www.kisumucountycouncil.go.ke/index.html 38. http://www.kirinyagacountycouncil.go.ke/index.html 39. http://www.kitalemunicipal.go.ke/index.html 40. http://www.kituimunicipal.go.ke/index.html 41. http://www.kkv.go.ke/index.html 42. http://www.knfparms.go.ke/index.html 43. http://www.knsdi.go.ke/index.html 44. http://www.kntc.go.ke/index.html 45. http://www.laikipiacountycouncil.go.ke/index.html 46. http://www.lands.go.ke/index.html 47. http://www.leatherdevelopmentcouncil.go.ke/index.html 48. http://www.limurumunicipal.go.ke/index.html 49. http://www.livestock.go.ke/index.html 50. http://www.lodwarmunicipal.go.ke/index.html 51. http://www.maraguacountycouncil.go.ke/index.html 52. http://www.mariakanitown.go.ke/index.html 53. http://www.maurestoration.go.ke/index.html 54. http://www.migoricountycouncil.go.ke/index.html 55. http://www.minesgeology.go.ke/index.html 56. http://www.mirp.go.ke/index.html 57. http://www.monitoring.go.ke/index.html 58. http://www.moyalecountycouncil.go.ke/index.html 59. http://www.murangacounty.go.ke/index.html 60. http://www.murangamunicipal.go.ke/index.html 61. http://www.nairobicity.go.ke/index.html 62. http://www.naivashamunicipal.go.ke/index.html 63. http://www.nakurucounty.go.ke/index.html 64. http://www.nationaldisaster.go.ke/index.html 65. http://www.nationalheritage.go.ke/index.html 66. http://www.nccs.go.ke/index.html 67. http://www.nec.go.ke/index.html 68. http://www.northernkenya.go.ke/index.html 69. http://www.nyandaruacountycouncil.go.ke/index.html 70. http://www.othayatowncouncil.go.ke/index.html 71. http://www.pec.go.ke/index.html 72. http://www.pfmr.go.ke/index.html 73. http://www.pghnyeri.go.ke/index.html 74. http://www.pharmacy.go.ke/index.html 75. http://www.prisons.go.ke/index.html 76. http://www.psrpc.go.ke/index.html 77. http://www.publichealth.go.ke/index.html 78. http://www.publicservice.go.ke/index.html 79. http://www.publicworks.go.ke/index.html 80. http://www.reformskenya.go.ke/index.html 81. http://www.refugees.go.ke/index.html 82. http://www.regional-dev.go.ke/index.html 83. http://www.roads.go.ke/index.html 84. http://www.rprlgsp.go.ke/index.html 85. http://www.scat.go.ke/index.html 86. http://www.scienceandtechnology.go.ke/index.html 87. http://www.singlewindow.go.ke/index.html 88. http://www.sprogrammes.go.ke/index.html 89. http://www.tabakatown.go.ke/index.html 90. http://www.tanathi.go.ke/index.html 91. http://www.tfdg.go.ke/index.html 92. http://www.technologycentre.ac.ke/index.html 93. http://www.theenergytribunal.go.ke/index.html 94. http://www.thekenyawewant.go.ke/index.html 95. http://www.thikamunicipal.go.ke/index.html 96. http://www.transformingkenya.go.ke/index.html 97. http://www.treasury.go.ke/index.html 98. http://www.ugunjatown.go.ke/index.html 99. http://www.ukwalatown.go.ke/index.html 100. http://www.westernkenya.go.ke/index.html 101. http://www.vihigamunicipal.go.ke/index.html 102. http://www.works.go.ke/index.html 103. http://www.youthaffairs.go.ke/index.html>>

On Tue, Jan 17, 2012 at 12:00 PM, <kictanet-request@lists.kictanet.or.ke>wrote:

...

Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke

To subscribe or unsubscribe via the World Wide Web, visit http://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke

You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke

When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..."

Today's Topics:

1. Re: Reality-on Media (bitange@jambo.co.ke)

----------------------------------------------------------------------

Message: 1 Date: Tue, 17 Jan 2012 07:28:07 +0000 From: bitange@jambo.co.ke To: "Pamela" <pamela@cardiacimplants.com>, kictanet-bounces+bitange=jambo.co.ke@lists.kictanet.or.ke Cc: 'KICTAnet ICT Policy Discussions' <kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Reality-on Media Message-ID:

<1350874180-1326785244-cardhu_decombobulator_blackberry.rim.net-83781638-@b27.c2.bise7.blackberry

...

Content-Type: text/plain; charset="Windows-1252"

In my view, you can tell if an economy is a middle income or not by checking the availability of toilet paper in the bathroons especially public toilets.

There is a very high correlation of income and such essentials. In developing countries you hardly get toilet at it is stolen by the have nots. Kenya flip flops between low income and lower middle income status. That is why sometimes you get the toilet paper. The World Bank definition is too complex for ordinary people to understand. Take your own sample when you travel and for sure my model works.

Ndemo.

Sent from my BlackBerry?

-----Original Message----- From: "Pamela" <pamela@cardiacimplants.com> Sender: kictanet-bounces+bitange=jambo.co.ke@lists.kictanet.or.keDate: Mon, 16 Jan 2012 16:07:51 To: <bitange@jambo.co.ke> Cc: 'KICTAnet ICT Policy Discussions'<kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Reality-on Media

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/bitange%40jambo.co.ke

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

------------------------------

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

End of kictanet Digest, Vol 56, Issue 53 ****************************************

-->> * * *>> ------------------------ Jim Comptech Consultants ltd. Tel: 254 20 2503637 begin_of_the_skype_highlighting 254 20 2503637 end_of_the_skype_highlighting, 254 716 852202 begin_of_the_skype_highlighting 254 716 852202 end_of_the_skype_highlighting, 254 735 195969 begin_of_the_skype_highlighting 254 735 195969 end_of_the_skype_highlighting Occidental Plaza, 4th Flr., Muthithi Rd. Westlands. P.O.Box 73639 - 00200,>> Nairobi, Kenya.** http://www.jimcomptech.com*>>

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 begin_of_the_skype_highlighting +254722743223 end_of_the_skype_highlighting _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler.> Please consider the environment before printing this email.

-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 begin_of_the_skype_highlighting +254722743223 end_of_the_skype_highlighting _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/ggithaiga%40hotmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

Thanks Grace, We do look forward. Meanwhile it is increasingly evident that cyber warfare has taken on a whole new dimension and the cyberspace now presents the perfect combat theatre, where malevolent battle is raging unabated. We must wake up very fast, map out our cyber boundaries, firewall them accordingly and post trained sentries on our border posts to keep watch and repulse intruders. They must also blow the whistle for help, if they get overwhelmed. National ICT information/ Data assets (information warehouses) should be distributed and not consolidated in one location - Geo/Infrastructure - etc.. Lastly, we held on this list in not-so-distant past a robust debate covering Data/information security( Cyber Security), and I gleaned a wealth of information from experts available on this list. It really remains to be seen just how much of what we discuss, agree and lay down as framework on this and other similar forums finds its way into policy. Grace, how do we ensure we just not another talking-shop, wasting airtime and bandwidth.? Harry From: Grace Githaiga [mailto:ggithaiga@hotmail.com] Sent: Tuesday, January 17, 2012 9:48 PM To: harry@comtelsys.co.ke Cc: kictanet@lists.kictanet.or.ke Subject: RE: [kictanet] 103 Government of Kenya websites hacked overnight Harry I agree that a response to this matter is necessary. Lets allow a representative from the Directorate to 'present themselves' before we can issue 'summons to appear'. I am sure we will get a response in the morning. Lets see how this goes. Rgds Grace ---------------------------------------------------------------------------- ------- If you have the strength to survive, you have the power to succeed. Life is all about choices we make depending upon the situation we are in. Go forth and rule the World! _____ From: harry@comtelsys.co.ke Date: Tue, 17 Jan 2012 20:09:45 +0300 Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight CC: kictanet@lists.kictanet.or.ke To: ggithaiga@hotmail.com Maybe Grace, our convener can just go right ahead and issue summons-to-appear to the relevant-in-charge to show up on this forum, as we are wont to do as per our practice. Then, clearly, some understanding and constructive debate to delve into the happenings on the ground will go a long way to remedy, improve and innovate - in a way at least to do something about this and secure our cyberspace.. It's dangerously wild out there.. Harry From: kictanet-bounces+harry=comtelsys.co.ke@lists.kictanet.or.ke [mailto:kictanet-bounces+harry=comtelsys.co.ke@lists.kictanet.or.ke] On Behalf Of Odhiambo Washington Sent: Tuesday, January 17, 2012 6:33 PM To: harry@comtelsys.co.ke Cc: KICTAnet ICT Policy Discussions Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight And that is in conflict with their "Vision" then, otherwise it means theirs is to sit and only "react" in order "To make the Internet secure". Okay, let them have that. How about the "to develop a world-class security and information base and to become a publicly accessible forum for Internet and computer security."?? Is there anything like that they have done? I do realize the issue here was about .go.ke websites being defaced. So is it the job of this CIRT to clean the dogs*^t after the dog? :-) On Tue, Jan 17, 2012 at 18:16, McTim <dogwallah@gmail.com> wrote: ummm, a CIRT is a Computer Emergency RESPONSE Team. They respond in emergencies (like this), so yes, their mandate is essentially "reactive". -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel On 1/17/12, Odhiambo Washington <odhiambo@gmail.com> wrote:

Is it Dr. Ndemo the one responsible for the govt websites, or being the PS makes him overall in-charge? Sorry, folks, I simply don't understand this. Now that you have introduced this thing called CIRT (I am hearing about it for the first time!), I have looked up what their mandate is and honestly, I don't see how it comes to this, unless their mandate is "reactive" response. From

http://www.cck.go.ke/industry/information_security/certification_service_pro viders.html,

I can see this:

*Vision*

To make the Internet secure, to develop a world-class security and information base and to become a publicly accessible forum for Internet and computer security.

*Mission*

To assist in the development of the Kenya information Society by making the use of computers and the Internet safer.

*Stakeholders*

In executing its mandate, the KE-CIRT works with various local stakeholders including various government agencies, the private sector, academia and civil society. The current KE-CIRT stakeholders are as follows: . The various law enforcement agencies; . The Directorate of E-Government; . The Kenya ICT Board; . The Kenya Network Information Centre; . The Telecommunication Service Providers Association of Kenya; . The Kenya Education Network; . The Central Bank of Kenya.

And my conclusion is that the KE-CIRT is a waste of public funds unless I can be given some proof of the work that they have been doing to achieve their "Vision". Their "Mission" is simply a decoration on the wall.

Actually, I don't see what CIRT has got to do with the defacing of the websites. If they have a mandate to audit the development and the hosting environment of these websites, then it simply needs to be disbanded, like yesterday because it is obvious they do not have the capacity.

On Tue, Jan 17, 2012 at 17:50, James Richu <james@jimcomptech.com> wrote:

...

Dear Dr Ndemo,

Can you kindly explain this.........

...

An Indonesion hacker known as *direxer* has taken down 103 government of

...

Kenya websites overnight. The hacker is part of an online Indonesian

...

security forum known as *Forum Code Security* and says he took down the

...

websites following tutorials from the forum. Such tutorials usually exploit programming errors in code, known as bugs, which have not been fixed.

The hacker appears to have a website at http://www.direxer.com/ though this has not been updated to reflect the hacking. In a message in the forum, the hacker says

...

*show off by me...*

*thanks for tutorial in www.code-security.com all...*

*i have exploit from cs web, and i attacking to server Goverment Kenya,,,, and then,,, success full... this is deface in this night...*

...

The government has moved fast to take the affected websites offline through a Cyber Incidence Response Team(CIRT) based at the Communications Commission of Kenya. The CIRT was formed to handle such situations and ensures Kenya's security in cyber space. Vincent Ngundi who heads CIRT

has

...

responded with the following comment "*We're on it. Thanks for the heads-up and comments*" in Kenya's *Security Forum* where the news first

...

broke.

The government normally hosts several websites in one server at The Treasury thus compromising the server may expose several websites to a hacker. The Administration Police website has been hacked several times in the recent past. At the same time, most of the websites hacked appear to have been running the Joomla Content Management system,

...

1. http://www.administrationpolice.go.ke/index.html 2. http://www.aideffectiveness.go.ke/index.html 3. http://www.bungomacounty.go.ke/index.html 4. http://www.businesslicense.go.ke/index.html 5. http://www.cak.go.ke/index.html 6. http://www.commstaskforce.go.ke/index.html 7. http://www.cooperative.go.ke/index.html 8. http://www.crd.go.ke/index.html 9. http://www.crisisrcentre.go.ke/index.html 10. http://www.ditkenya.go.ke/index.html 11. http://www.doshs.go.ke/index.html 12. http://www.economicstimulus.go.ke/index.html 13. http://www.eldoretmunicipal.go.ke/index.html 14. http://www.emu.go.ke/index.html 15. http://www.education.go.ke/index.html 16. http://www.environment.go.ke/index.html 17. http://www.filmservices.go.ke/index.html 18. http://www.fisheries.go.ke/index.html 19. http://www.forestryandwildlife.go.ke/index.html 20. http://www.gender.go.ke/index.html 21. http://www.governmentpress.go.ke/index.html 22. http://www.greenenergy.go.ke/index.html 23. http://www.housing.go.ke/index.html 24. http://www.ifmis.go.ke/index.html 25. http://www.immigration.go.ke/index.html 26. http://www.industrialization.go.ke/index.html 27. http://www.isc.go.ke/index.html 28. http://www.iprs.go.ke/index.html 29. http://www.itentambachtowncouncil.go.ke/index.html 30. http://www.itmis.go.ke/index.html 31. http://www.kenao.go.ke/index.html 32. http://www.kapsabetmunicipal.go.ke/index.html 33. http://www.kenyayearbook.go.ke/index.html 34. http://www.kerugoyakutusmunicipal.go.ke/index.html 35. http://www.kesi.go.ke/index.html 36. http://www.kipi.go.ke/index.html 37. http://www.kisumucountycouncil.go.ke/index.html 38. http://www.kirinyagacountycouncil.go.ke/index.html 39. http://www.kitalemunicipal.go.ke/index.html 40. http://www.kituimunicipal.go.ke/index.html 41. http://www.kkv.go.ke/index.html 42. http://www.knfparms.go.ke/index.html 43. http://www.knsdi.go.ke/index.html 44. http://www.kntc.go.ke/index.html 45. http://www.laikipiacountycouncil.go.ke/index.html 46. http://www.lands.go.ke/index.html 47. http://www.leatherdevelopmentcouncil.go.ke/index.html 48. http://www.limurumunicipal.go.ke/index.html 49. http://www.livestock.go.ke/index.html 50. http://www.lodwarmunicipal.go.ke/index.html 51. http://www.maraguacountycouncil.go.ke/index.html 52. http://www.mariakanitown.go.ke/index.html 53. http://www.maurestoration.go.ke/index.html 54. http://www.migoricountycouncil.go.ke/index.html 55. http://www.minesgeology.go.ke/index.html 56. http://www.mirp.go.ke/index.html 57. http://www.monitoring.go.ke/index.html 58. http://www.moyalecountycouncil.go.ke/index.html 59. http://www.murangacounty.go.ke/index.html 60. http://www.murangamunicipal.go.ke/index.html 61. http://www.nairobicity.go.ke/index.html 62. http://www.naivashamunicipal.go.ke/index.html 63. http://www.nakurucounty.go.ke/index.html 64. http://www.nationaldisaster.go.ke/index.html 65. http://www.nationalheritage.go.ke/index.html 66. http://www.nccs.go.ke/index.html 67. http://www.nec.go.ke/index.html 68. http://www.northernkenya.go.ke/index.html 69. http://www.nyandaruacountycouncil.go.ke/index.html 70. http://www.othayatowncouncil.go.ke/index.html 71. http://www.pec.go.ke/index.html 72. http://www.pfmr.go.ke/index.html 73. http://www.pghnyeri.go.ke/index.html 74. http://www.pharmacy.go.ke/index.html 75. http://www.prisons.go.ke/index.html 76. http://www.psrpc.go.ke/index.html 77. http://www.publichealth.go.ke/index.html 78. http://www.publicservice.go.ke/index.html 79. http://www.publicworks.go.ke/index.html 80. http://www.reformskenya.go.ke/index.html 81. http://www.refugees.go.ke/index.html 82. http://www.regional-dev.go.ke/index.html 83. http://www.roads.go.ke/index.html 84. http://www.rprlgsp.go.ke/index.html 85. http://www.scat.go.ke/index.html 86. http://www.scienceandtechnology.go.ke/index.html 87. http://www.singlewindow.go.ke/index.html 88. http://www.sprogrammes.go.ke/index.html 89. http://www.tabakatown.go.ke/index.html 90. http://www.tanathi.go.ke/index.html 91. http://www.tfdg.go.ke/index.html 92. http://www.technologycentre.ac.ke/index.html 93. http://www.theenergytribunal.go.ke/index.html 94. http://www.thekenyawewant.go.ke/index.html 95. http://www.thikamunicipal.go.ke/index.html 96. http://www.transformingkenya.go.ke/index.html 97. http://www.treasury.go.ke/index.html 98. http://www.ugunjatown.go.ke/index.html 99. http://www.ukwalatown.go.ke/index.html 100. http://www.westernkenya.go.ke/index.html 101. http://www.vihigamunicipal.go.ke/index.html 102. http://www.works.go.ke/index.html 103. http://www.youthaffairs.go.ke/index.html

...

On Tue, Jan 17, 2012 at 12:00 PM, <kictanet-request@lists.kictanet.or.ke>wrote:

...

Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke

To subscribe or unsubscribe via the World Wide Web, visit http://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke

You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke

When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..."

Today's Topics:

1. Re: Reality-on Media (bitange@jambo.co.ke)

----------------------------------------------------------------------

Message: 1 Date: Tue, 17 Jan 2012 07:28:07 +0000 From: bitange@jambo.co.ke To: "Pamela" <pamela@cardiacimplants.com>, kictanet-bounces+bitange=jambo.co.ke@lists.kictanet.or.ke Cc: 'KICTAnet ICT Policy Discussions' <kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Reality-on Media Message-ID:

<1350874180-1326785244-cardhu_decombobulator_blackberry.rim.net-83781638-@b2 7.c2.bise7.blackberry

...

...

...

Content-Type: text/plain; charset="Windows-1252"

In my view, you can tell if an economy is a middle income or not by checking the availability of toilet paper in the bathroons especially public toilets.

There is a very high correlation of income and such essentials. In developing countries you hardly get toilet at it is stolen by the have nots. Kenya flip flops between low income and lower middle income status. That is why sometimes you get the toilet paper. The World Bank definition is too complex for ordinary people to understand. Take your own sample when you travel and for sure my model works.

Ndemo.

Sent from my BlackBerry?

-----Original Message----- From: "Pamela" <pamela@cardiacimplants.com> Sender: kictanet-bounces+bitange=jambo.co.ke@lists.kictanet.or.keDate: Mon, 16 Jan 2012 16:07:51 To: <bitange@jambo.co.ke> Cc: 'KICTAnet ICT Policy Discussions'<kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Reality-on Media

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at

http://lists.kictanet.or.ke/mailman/options/kictanet/bitange%40jambo.co.ke

...

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy,

do

...

not spam, do not market your wares or qualifications.

------------------------------

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

End of kictanet Digest, Vol 56, Issue 53 ****************************************

--

...

* * *

...

------------------------ Jim Comptech Consultants ltd. Tel: 254 20 2503637 begin_of_the_skype_highlighting 254 20

2503637 end_of_the_skype_highlighting, 254 716 852202 begin_of_the_skype_highlighting 254 716 852202 end_of_the_skype_highlighting, 254 735 195969 begin_of_the_skype_highlighting 254 735 195969 end_of_the_skype_highlighting

...

Occidental Plaza, 4th Flr., Muthithi Rd. Westlands. P.O.Box 73639 - 00200,

...

Nairobi, Kenya.** http://www.jimcomptech.com*

...

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and

bandwidth,

...

share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 begin_of_the_skype_highlighting +254722743223 end_of_the_skype_highlighting _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler.

Please consider the environment before printing this email.

-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 begin_of_the_skype_highlighting +254722743223 end_of_the_skype_highlighting _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/ggithaiga%40hotmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

Grace, we not hearing anything and all there seems to be is bits and pieces all over the place…? So what has transpired, and what is the update and way forward…? Or should we just assume this is none of our business and move on…? I think in all honesty, let’s seek to arm this forum with the voice to be heard, and the ability to influence National ICT policy in all its facets…. Cybersecurity being a crucial component.. Regards, Harry From: kictanet-bounces+harry=comtelsys.co.ke@lists.kictanet.or.ke [mailto:kictanet-bounces+harry=comtelsys.co.ke@lists.kictanet.or.ke] On Behalf Of robert yawe Sent: Wednesday, January 18, 2012 11:07 AM To: harry@comtelsys.co.ke Cc: kictanet@lists.kictanet.or.ke Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight Hi, Last time I checked the websites where the KPIs for KICT Board. Regards Robert Yawe KAY System Technologies Ltd Phoenix House, 6th Floor P O Box 55806 Nairobi, 00200 Kenya Tel: +254722511225, +254202010696 _____ From: Grace Githaiga <ggithaiga@hotmail.com> To: robertyawe@yahoo.co.uk Cc: kictanet@lists.kictanet.or.ke Sent: Tuesday, 17 January 2012, 21:47 Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight Harry I agree that a response to this matter is necessary. Lets allow a representative from the Directorate to 'present themselves' before we can issue 'summons to appear'. I am sure we will get a response in the morning. Lets see how this goes. Rgds Grace ----------------------------------------------------------------------------------- If you have the strength to survive, you have the power to succeed. Life is all about choices we make depending upon the situation we are in. Go forth and rule the World! _____ From: harry@comtelsys.co.ke Date: Tue, 17 Jan 2012 20:09:45 +0300 Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight CC: kictanet@lists.kictanet.or.ke To: ggithaiga@hotmail.com Maybe Grace, our convener can just go right ahead and issue summons-to-appear to the relevant-in-charge to show up on this forum, as we are wont to do as per our practice. Then, clearly, some understanding and constructive debate to delve into the happenings on the ground will go a long way to remedy, improve and innovate – in a way at least to do something about this and secure our cyberspace.. It’s dangerously wild out there.. Harry From: kictanet-bounces+harry=comtelsys.co.ke@lists.kictanet.or.ke [mailto:kictanet-bounces+harry=comtelsys.co.ke@lists.kictanet.or.ke] On Behalf Of Odhiambo Washington Sent: Tuesday, January 17, 2012 6:33 PM To: harry@comtelsys.co.ke Cc: KICTAnet ICT Policy Discussions Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight And that is in conflict with their "Vision" then, otherwise it means theirs is to sit and only "react" in order "To make the Internet secure". Okay, let them have that. How about the "to develop a world-class security and information base and to become a publicly accessible forum for Internet and computer security."?? Is there anything like that they have done? I do realize the issue here was about .go.ke websites being defaced. So is it the job of this CIRT to clean the dogs*^t after the dog? :-) On Tue, Jan 17, 2012 at 18:16, McTim <dogwallah@gmail.com> wrote: ummm, a CIRT is a Computer Emergency RESPONSE Team. They respond in emergencies (like this), so yes, their mandate is essentially "reactive". -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel On 1/17/12, Odhiambo Washington <odhiambo@gmail.com> wrote:

Is it Dr. Ndemo the one responsible for the govt websites, or being the PS makes him overall in-charge? Sorry, folks, I simply don't understand this. Now that you have introduced this thing called CIRT (I am hearing about it for the first time!), I have looked up what their mandate is and honestly, I don't see how it comes to this, unless their mandate is "reactive" response. From http://www.cck.go.ke/industry/information_security/certification_service_pro..., I can see this:

*Vision*

To make the Internet secure, to develop a world-class security and information base and to become a publicly accessible forum for Internet and computer security.

*Mission*

To assist in the development of the Kenya information Society by making the use of computers and the Internet safer.

*Stakeholders*

In executing its mandate, the KE-CIRT works with various local stakeholders including various government agencies, the private sector, academia and civil society. The current KE-CIRT stakeholders are as follows: • The various law enforcement agencies; • The Directorate of E-Government; • The Kenya ICT Board; • The Kenya Network Information Centre; • The Telecommunication Service Providers Association of Kenya; • The Kenya Education Network; • The Central Bank of Kenya.

And my conclusion is that the KE-CIRT is a waste of public funds unless I can be given some proof of the work that they have been doing to achieve their "Vision". Their "Mission" is simply a decoration on the wall.

Actually, I don't see what CIRT has got to do with the defacing of the websites. If they have a mandate to audit the development and the hosting environment of these websites, then it simply needs to be disbanded, like yesterday because it is obvious they do not have the capacity.

On Tue, Jan 17, 2012 at 17:50, James Richu <james@jimcomptech.com> wrote:

...

Dear Dr Ndemo,

Can you kindly explain this.........

...

An Indonesion hacker known as *direxer* has taken down 103 government of

...

Kenya websites overnight. The hacker is part of an online Indonesian

...

security forum known as *Forum Code Security* and says he took down the

...

websites following tutorials from the forum. Such tutorials usually exploit programming errors in code, known as bugs, which have not been fixed.

The hacker appears to have a website at http://www.direxer.com/ though this has not been updated to reflect the hacking. In a message in the forum, the hacker says

...

*show off by me...*

*thanks for tutorial in www.code-security.com all...*

*i have exploit from cs web, and i attacking to server Goverment Kenya,,,, and then,,, success full... this is deface in this night...*

...

The government has moved fast to take the affected websites offline through a Cyber Incidence Response Team(CIRT) based at the Communications Commission of Kenya. The CIRT was formed to handle such situations and ensures Kenya's security in cyber space. Vincent Ngundi who heads CIRT has

...

responded with the following comment "*We're on it. Thanks for the heads-up and comments*" in Kenya's *Security Forum* where the news first

...

broke.

The government normally hosts several websites in one server at The Treasury thus compromising the server may expose several websites to a hacker. The Administration Police website has been hacked several times in the recent past. At the same time, most of the websites hacked appear to have been running the Joomla Content Management system,

...

1. http://www.administrationpolice.go.ke/index.html 2. http://www.aideffectiveness.go.ke/index.html 3. http://www.bungomacounty.go.ke/index.html 4. http://www.businesslicense.go.ke/index.html 5. http://www.cak.go.ke/index.html 6. http://www.commstaskforce.go.ke/index.html 7. http://www.cooperative.go.ke/index.html 8. http://www.crd.go.ke/index.html 9. http://www.crisisrcentre.go.ke/index.html 10. http://www.ditkenya.go.ke/index.html 11. http://www.doshs.go.ke/index.html 12. http://www.economicstimulus.go.ke/index.html 13. http://www.eldoretmunicipal.go.ke/index.html 14. http://www.emu.go.ke/index.html 15. http://www.education.go.ke/index.html 16. http://www.environment.go.ke/index.html 17. http://www.filmservices.go.ke/index.html 18. http://www.fisheries.go.ke/index.html 19. http://www.forestryandwildlife.go.ke/index.html 20. http://www.gender.go.ke/index.html 21. http://www.governmentpress.go.ke/index.html 22. http://www.greenenergy.go.ke/index.html 23. http://www.housing.go.ke/index.html 24. http://www.ifmis.go.ke/index.html 25. http://www.immigration.go.ke/index.html 26. http://www.industrialization.go.ke/index.html 27. http://www.isc.go.ke/index.html 28. http://www.iprs.go.ke/index.html 29. http://www.itentambachtowncouncil.go.ke/index.html 30. http://www.itmis.go.ke/index.html 31. http://www.kenao.go.ke/index.html 32. http://www.kapsabetmunicipal.go.ke/index.html 33. http://www.kenyayearbook.go.ke/index.html 34. http://www.kerugoyakutusmunicipal.go.ke/index.html 35. http://www.kesi.go.ke/index.html 36. http://www.kipi.go.ke/index.html 37. http://www.kisumucountycouncil.go.ke/index.html 38. http://www.kirinyagacountycouncil.go.ke/index.html 39. http://www.kitalemunicipal.go.ke/index.html 40. http://www.kituimunicipal.go.ke/index.html 41. http://www.kkv.go.ke/index.html 42. http://www.knfparms.go.ke/index.html 43. http://www.knsdi.go.ke/index.html 44. http://www.kntc.go.ke/index.html 45. http://www.laikipiacountycouncil.go.ke/index.html 46. http://www.lands.go.ke/index.html 47. http://www.leatherdevelopmentcouncil.go.ke/index.html 48. http://www.limurumunicipal.go.ke/index.html 49. http://www.livestock.go.ke/index.html 50. http://www.lodwarmunicipal.go.ke/index.html 51. http://www.maraguacountycouncil.go.ke/index.html 52. http://www.mariakanitown.go.ke/index.html 53. http://www.maurestoration.go.ke/index.html 54. http://www.migoricountycouncil.go.ke/index.html 55. http://www.minesgeology.go.ke/index.html 56. http://www.mirp.go.ke/index.html 57. http://www.monitoring.go.ke/index.html 58. http://www.moyalecountycouncil.go.ke/index.html 59. http://www.murangacounty.go.ke/index.html 60. http://www.murangamunicipal.go.ke/index.html 61. http://www.nairobicity.go.ke/index.html 62. http://www.naivashamunicipal.go.ke/index.html 63. http://www.nakurucounty.go.ke/index.html 64. http://www.nationaldisaster.go.ke/index.html 65. http://www.nationalheritage.go.ke/index.html 66. http://www.nccs.go.ke/index.html 67. http://www.nec.go.ke/index.html 68. http://www.northernkenya.go.ke/index.html 69. http://www.nyandaruacountycouncil.go.ke/index.html 70. http://www.othayatowncouncil.go.ke/index.html 71. http://www.pec.go.ke/index.html 72. http://www.pfmr.go.ke/index.html 73. http://www.pghnyeri.go.ke/index.html 74. http://www.pharmacy.go.ke/index.html 75. http://www.prisons.go.ke/index.html 76. http://www.psrpc.go.ke/index.html 77. http://www.publichealth.go.ke/index.html 78. http://www.publicservice.go.ke/index.html 79. http://www.publicworks.go.ke/index.html 80. http://www.reformskenya.go.ke/index.html 81. http://www.refugees.go.ke/index.html 82. http://www.regional-dev.go.ke/index.html 83. http://www.roads.go.ke/index.html 84. http://www.rprlgsp.go.ke/index.html 85. http://www.scat.go.ke/index.html 86. http://www.scienceandtechnology.go.ke/index.html 87. http://www.singlewindow.go.ke/index.html 88. http://www.sprogrammes.go.ke/index.html 89. http://www.tabakatown.go.ke/index.html 90. http://www.tanathi.go.ke/index.html 91. http://www.tfdg.go.ke/index.html 92. http://www.technologycentre.ac.ke/index.html 93. http://www.theenergytribunal.go.ke/index.html 94. http://www.thekenyawewant.go.ke/index.html 95. http://www.thikamunicipal.go.ke/index.html 96. http://www.transformingkenya.go.ke/index.html 97. http://www.treasury.go.ke/index.html 98. http://www.ugunjatown.go.ke/index.html 99. http://www.ukwalatown.go.ke/index.html 100. http://www.westernkenya.go.ke/index.html 101. http://www.vihigamunicipal.go.ke/index.html 102. http://www.works.go.ke/index.html 103. http://www.youthaffairs.go.ke/index.html

...

On Tue, Jan 17, 2012 at 12:00 PM, <kictanet-request@lists.kictanet.or.ke>wrote:

...

Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke

To subscribe or unsubscribe via the World Wide Web, visit http://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke

You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke

When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..."

Today's Topics:

1. Re: Reality-on Media (bitange@jambo.co.ke)

----------------------------------------------------------------------

Message: 1 Date: Tue, 17 Jan 2012 07:28:07 +0000 From: bitange@jambo.co.ke To: "Pamela" <pamela@cardiacimplants.com>, kictanet-bounces+bitange=jambo.co.ke@lists.kictanet.or.ke Cc: 'KICTAnet ICT Policy Discussions' <kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Reality-on Media Message-ID:

<1350874180-1326785244-cardhu_decombobulator_blackberry.rim.net-83781638-@b27.c2.bise7.blackberry

...

Content-Type: text/plain; charset="Windows-1252"

In my view, you can tell if an economy is a middle income or not by checking the availability of toilet paper in the bathroons especially public toilets.

There is a very high correlation of income and such essentials. In developing countries you hardly get toilet at it is stolen by the have nots. Kenya flip flops between low income and lower middle income status. That is why sometimes you get the toilet paper. The World Bank definition is too complex for ordinary people to understand. Take your own sample when you travel and for sure my model works.

Ndemo.

Sent from my BlackBerry?

-----Original Message----- From: "Pamela" <pamela@cardiacimplants.com> Sender: kictanet-bounces+bitange=jambo.co.ke@lists.kictanet.or.keDate: Mon, 16 Jan 2012 16:07:51 To: <bitange@jambo.co.ke> Cc: 'KICTAnet ICT Policy Discussions'<kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Reality-on Media

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/bitange%40jambo.co.ke

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

------------------------------

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

End of kictanet Digest, Vol 56, Issue 53 ****************************************

--

...

* * *

...

------------------------ Jim Comptech Consultants ltd. Tel: 254 20 2503637 begin_of_the_skype_highlighting 254 20 2503637 end_of_the_skype_highlighting, 254 716 852202 begin_of_the_skype_highlighting 254 716 852202 end_of_the_skype_highlighting, 254 735 195969 begin_of_the_skype_highlighting 254 735 195969 end_of_the_skype_highlighting Occidental Plaza, 4th Flr., Muthithi Rd. Westlands. P.O.Box 73639 - 00200,

...

Nairobi, Kenya.** http://www.jimcomptech.com*

...

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 begin_of_the_skype_highlighting +254722743223 end_of_the_skype_highlighting _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler.

Please consider the environment before printing this email.

-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 begin_of_the_skype_highlighting +254722743223 end_of_the_skype_highlighting _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/ggithaiga%40hotmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/robertyawe%40yahoo.co.u... The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

Bw PS and Listers Once again apologies for receiving that message repeatedly. It is beyond me but Washington is working on the matter. We have agreed he should block that message. I have equally been stressed by the number of times that message has come through. I have noticed it is on that particular thread and was thinking it may have been hacked. Hopefully this nightmare will be over soon. Thanks for understanding. RgdsGrace ----------------------------------------------------------------------------------- If you have the strength to survive, you have the power to succeed. Life is all about choices we make depending upon the situation we are in. Go forth and rule the World!

A tall order indeed for the CIRT, if you’d ask me. Cyber Security is indeed multifaceted.. I therefore suppose a team that convened just the other day is pretty much still at a nascent stage. So to expect them to throw a security cordon around 200+ Govt. websites that are already online, some with very sensitive content is a bit too overarching… I suggest Cyber Security (Proactive, Monitoring, Audit & Response) be outsourced to real infosec experts. And we have plenty of them in this country.. It still baffles me that almost all those sites point to a single server/IP address.. Again, is Directorate represented on this list..? Harry From: kictanet-bounces+harry=comtelsys.co.ke@lists.kictanet.or.ke [mailto:kictanet-bounces+harry=comtelsys.co.ke@lists.kictanet.or.ke] On Behalf Of Odhiambo Washington Sent: Tuesday, January 17, 2012 6:10 PM To: harry@comtelsys.co.ke Cc: KICTAnet ICT Policy Discussions Subject: Re: [kictanet] 103 Government of Kenya websites hacked overnight Is it Dr. Ndemo the one responsible for the govt websites, or being the PS makes him overall in-charge? Sorry, folks, I simply don't understand this. Now that you have introduced this thing called CIRT (I am hearing about it for the first time!), I have looked up what their mandate is and honestly, I don't see how it comes to this, unless their mandate is "reactive" response.

From http://www.cck.go.ke/industry/information_security/certification_service_pro..., I can see this:

Vision To make the Internet secure, to develop a world-class security and information base and to become a publicly accessible forum for Internet and computer security. Mission To assist in the development of the Kenya information Society by making the use of computers and the Internet safer. Stakeholders In executing its mandate, the KE-CIRT works with various local stakeholders including various government agencies, the private sector, academia and civil society. The current KE-CIRT stakeholders are as follows: • The various law enforcement agencies; • The Directorate of E-Government; • The Kenya ICT Board; • The Kenya Network Information Centre; • The Telecommunication Service Providers Association of Kenya; • The Kenya Education Network; • The Central Bank of Kenya. And my conclusion is that the KE-CIRT is a waste of public funds unless I can be given some proof of the work that they have been doing to achieve their "Vision". Their "Mission" is simply a decoration on the wall. Actually, I don't see what CIRT has got to do with the defacing of the websites. If they have a mandate to audit the development and the hosting environment of these websites, then it simply needs to be disbanded, like yesterday because it is obvious they do not have the capacity. On Tue, Jan 17, 2012 at 17:50, James Richu <james@jimcomptech.com> wrote: Dear Dr Ndemo, Can you kindly explain this......... An Indonesion hacker known as direxer has taken down 103 government of Kenya websites overnight. The hacker is part of an online Indonesian security forum known as Forum Code Security and says he took down the websites following tutorials from the forum. Such tutorials usually exploit programming errors in code, known as bugs, which have not been fixed. The hacker appears to have a website at http://www.direxer.com/ though this has not been updated to reflect the hacking. In a message in the forum, the hacker says show off by me... thanks for tutorial in www.code-security.com all... i have exploit from cs web, and i attacking to server Goverment Kenya,,,, and then,,, success full... this is deface in this night... The government has moved fast to take the affected websites offline through a Cyber Incidence Response Team(CIRT) based at the Communications Commission of Kenya. The CIRT was formed to handle such situations and ensures Kenya's security in cyber space. Vincent Ngundi who heads CIRT has responded with the following comment "We're on it. Thanks for the heads-up and comments" in Kenya's Security Forum where the news first broke. The government normally hosts several websites in one server at The Treasury thus compromising the server may expose several websites to a hacker. The Administration Police website has been hacked several times in the recent past. At the same time, most of the websites hacked appear to have been running the Joomla Content Management system, 1. http://www.administrationpolice.go.ke/index.html 2. http://www.aideffectiveness.go.ke/index.html 3. http://www.bungomacounty.go.ke/index.html 4. http://www.businesslicense.go.ke/index.html 5. http://www.cak.go.ke/index.html 6. http://www.commstaskforce.go.ke/index.html 7. http://www.cooperative.go.ke/index.html 8. http://www.crd.go.ke/index.html 9. http://www.crisisrcentre.go.ke/index.html 10. http://www.ditkenya.go.ke/index.html 11. http://www.doshs.go.ke/index.html 12. http://www.economicstimulus.go.ke/index.html 13. http://www.eldoretmunicipal.go.ke/index.html 14. http://www.emu.go.ke/index.html 15. http://www.education.go.ke/index.html 16. http://www.environment.go.ke/index.html 17. http://www.filmservices.go.ke/index.html 18. http://www.fisheries.go.ke/index.html 19. http://www.forestryandwildlife.go.ke/index.html 20. http://www.gender.go.ke/index.html 21. http://www.governmentpress.go.ke/index.html 22. http://www.greenenergy.go.ke/index.html 23. http://www.housing.go.ke/index.html 24. http://www.ifmis.go.ke/index.html 25. http://www.immigration.go.ke/index.html 26. http://www.industrialization.go.ke/index.html 27. http://www.isc.go.ke/index.html 28. http://www.iprs.go.ke/index.html 29. http://www.itentambachtowncouncil.go.ke/index.html 30. http://www.itmis.go.ke/index.html 31. http://www.kenao.go.ke/index.html 32. http://www.kapsabetmunicipal.go.ke/index.html 33. http://www.kenyayearbook.go.ke/index.html 34. http://www.kerugoyakutusmunicipal.go.ke/index.html 35. http://www.kesi.go.ke/index.html 36. http://www.kipi.go.ke/index.html 37. http://www.kisumucountycouncil.go.ke/index.html 38. http://www.kirinyagacountycouncil.go.ke/index.html 39. http://www.kitalemunicipal.go.ke/index.html 40. http://www.kituimunicipal.go.ke/index.html 41. http://www.kkv.go.ke/index.html 42. http://www.knfparms.go.ke/index.html 43. http://www.knsdi.go.ke/index.html 44. http://www.kntc.go.ke/index.html 45. http://www.laikipiacountycouncil.go.ke/index.html 46. http://www.lands.go.ke/index.html 47. http://www.leatherdevelopmentcouncil.go.ke/index.html 48. http://www.limurumunicipal.go.ke/index.html 49. http://www.livestock.go.ke/index.html 50. http://www.lodwarmunicipal.go.ke/index.html 51. http://www.maraguacountycouncil.go.ke/index.html 52. http://www.mariakanitown.go.ke/index.html 53. http://www.maurestoration.go.ke/index.html 54. http://www.migoricountycouncil.go.ke/index.html 55. http://www.minesgeology.go.ke/index.html 56. http://www.mirp.go.ke/index.html 57. http://www.monitoring.go.ke/index.html 58. http://www.moyalecountycouncil.go.ke/index.html 59. http://www.murangacounty.go.ke/index.html 60. http://www.murangamunicipal.go.ke/index.html 61. http://www.nairobicity.go.ke/index.html 62. http://www.naivashamunicipal.go.ke/index.html 63. http://www.nakurucounty.go.ke/index.html 64. http://www.nationaldisaster.go.ke/index.html 65. http://www.nationalheritage.go.ke/index.html 66. http://www.nccs.go.ke/index.html 67. http://www.nec.go.ke/index.html 68. http://www.northernkenya.go.ke/index.html 69. http://www.nyandaruacountycouncil.go.ke/index.html 70. http://www.othayatowncouncil.go.ke/index.html 71. http://www.pec.go.ke/index.html 72. http://www.pfmr.go.ke/index.html 73. http://www.pghnyeri.go.ke/index.html 74. http://www.pharmacy.go.ke/index.html 75. http://www.prisons.go.ke/index.html 76. http://www.psrpc.go.ke/index.html 77. http://www.publichealth.go.ke/index.html 78. http://www.publicservice.go.ke/index.html 79. http://www.publicworks.go.ke/index.html 80. http://www.reformskenya.go.ke/index.html 81. http://www.refugees.go.ke/index.html 82. http://www.regional-dev.go.ke/index.html 83. http://www.roads.go.ke/index.html 84. http://www.rprlgsp.go.ke/index.html 85. http://www.scat.go.ke/index.html 86. http://www.scienceandtechnology.go.ke/index.html 87. http://www.singlewindow.go.ke/index.html 88. http://www.sprogrammes.go.ke/index.html 89. http://www.tabakatown.go.ke/index.html 90. http://www.tanathi.go.ke/index.html 91. http://www.tfdg.go.ke/index.html 92. http://www.technologycentre.ac.ke/index.html 93. http://www.theenergytribunal.go.ke/index.html 94. http://www.thekenyawewant.go.ke/index.html 95. http://www.thikamunicipal.go.ke/index.html 96. http://www.transformingkenya.go.ke/index.html 97. http://www.treasury.go.ke/index.html 98. http://www.ugunjatown.go.ke/index.html 99. http://www.ukwalatown.go.ke/index.html 100.http://www.westernkenya.go.ke/index.html 101.http://www.vihigamunicipal.go.ke/index.html 102.http://www.works.go.ke/index.html 103.http://www.youthaffairs.go.ke/index.html On Tue, Jan 17, 2012 at 12:00 PM, <kictanet-request@lists.kictanet.or.ke> wrote: Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke To subscribe or unsubscribe via the World Wide Web, visit http://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..." Today's Topics: 1. Re: Reality-on Media (bitange@jambo.co.ke) ---------------------------------------------------------------------- Message: 1 Date: Tue, 17 Jan 2012 07:28:07 +0000 From: bitange@jambo.co.ke To: "Pamela" <pamela@cardiacimplants.com>, kictanet-bounces+bitange=jambo.co.ke@lists.kictanet.or.ke Cc: 'KICTAnet ICT Policy Discussions' <kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Reality-on Media Message-ID: <1350874180-1326785244-cardhu_decombobulator_blackberry.rim.net-83781638-@b27.c2.bise7.blackberry> Content-Type: text/plain; charset="Windows-1252" In my view, you can tell if an economy is a middle income or not by checking the availability of toilet paper in the bathroons especially public toilets. There is a very high correlation of income and such essentials. In developing countries you hardly get toilet at it is stolen by the have nots. Kenya flip flops between low income and lower middle income status. That is why sometimes you get the toilet paper. The World Bank definition is too complex for ordinary people to understand. Take your own sample when you travel and for sure my model works. Ndemo. Sent from my BlackBerry? -----Original Message----- From: "Pamela" <pamela@cardiacimplants.com> Sender: kictanet-bounces+bitange=jambo.co.ke@lists.kictanet.or.keDate: Mon, 16 Jan 2012 16:07:51 To: <bitange@jambo.co.ke> Cc: 'KICTAnet ICT Policy Discussions'<kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Reality-on Media _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/bitange%40jambo.co.ke The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. ------------------------------ _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet End of kictanet Digest, Vol 56, Issue 53 **************************************** -- ------------------------ Jim Comptech Consultants ltd. Tel: 254 20 2503637, 254 716 852202, 254 735 195969 Occidental Plaza, 4th Flr., Muthithi Rd. Westlands. P.O.Box 73639 - 00200, Nairobi, Kenya. http://www.jimcomptech.com _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email.