Day 3 of 10: What threats would face Regulators as they adopt service provision over the web
....just opening up day 3. Hope all the silent participants can say something today, particularly those outside .KE, please share your experiences...

Back to the thread. It is important to say that this thread is not there to dissuade Regulators going online but rather to ensure that they would do so after taking the necessary precautions. I would imagine that once the Regulators put their services online, they would face the same challenges or threats as any other entity that gets online. Security books would tell you that the threats would revolve around the following:

Confidentiality: restricting data to the authorised person/entity
Integrity: ensuring that the stored data is not illegally modified
Availability: ensuring that online services are operational as required by the customers/stakeholders
Non-repudiability: ensuring that e-Transactions can be tracked back to the originator

We need to think like hackers here. Assuming you had the time, the motive and the skill, what would you want to lay your hands on from the e-Regulators?

1-day on this thread. Keep your comments coming and fear not since we are yet to have e-Legislation in this part of world ;-).

walu.
Walu, John Walubengo wrote:
We need to think like hackers here. Assuming you had the time, the motive and the skill, what would you want to lay your hands on from the e-Regulators?
A hacker's world is driven by "bragging rights" which elevates an individual from a n00b (a newbie), giving them access to various h4ckers forums, especially on IRC chats where there's a lot of information and knowledge to be gained. There are three types of h4ckers, i.e. black-hats, grey-hats and white-hats.

With that background, it's important to know that websites to black-hats/grey-hats are like prized tokens. A place to harness their skills, and every success earns them bragging rights amongst their peers. White-hats are known as ethical h4ckers and despised by the rest.

There are numerous techniques that are used to break into websites ranging from remote file injection (RFI) into databases, defacing and Denial of Service attacks (DDoS).

IMHO, the e-Regulators will attract attention and thus the information placed online would therefore require them to deploy advanced security features & systems to mitigate against these types of attacks.

The e-Regulators information can be "confidential information" hence up for sale to the highest bidder. While this may be a little bit far-fetched, in a competitive environment and where the regulators are privy to some of this information from the service providers/bidders, your guess is as good as mine. Phishing & identity theft are major attractions of such websites.

One of the most important aspects of security is to understand that there still exists the social vulnerability aspect. This is by far the most difficult to safeguard against. Fortunately or unfortunately, most h4ckers are well aware of this vulnerability.

DDoS and Defacements impact socially on the organization's ability to provide the online services. They should never be ignored as the perpetrators can always leave back-doors into the system.

My humble attempt at thinking as a hacker, and hope that helps.

Regards,
Thanks Michuki for insights on the internet risks. Very useful and relevant to entities getting online, particularly the point on social engineering/vulnerability. Human beings are often the weakest link in a security chain. That's why we still have the so-called Nigerian Scam mails and Phishing attacks still going strong. Indeed something to worry about.

Anybody with other threat examples?

walu.
participants (2)
- John Walubengo
- Michuki Mwangi