Day 4 of 10:- IG Discussions, Internet Security.
Morning all, Looks like very little response on yesterday's topic...where's Waudo formerly WGIG member? Nway, today's IG theme is the one with the most consensus across all stakeholders. The fact that the internet is becoming a place to place to work, live, pray or play is widely acknowledged and hence the consensus on the need to protect it. The global and borderless nature of the Internet means that a secure internet needs a concerted global effort as earlier mentioned by Brian. A very secure US-territoial Internet is of no use if for example the Africa-territorial Internet is insecure since phising attacks, viruses, spam, eFrauds and other destabilizing conditions can be launched from there. Spam for example is known to constitute over 60% of email traffic on the Internet, which is a fairly significant chunk of Internet Bandwidth and Server Processing power going to waste. The main internet security debate that cross-cuts into legal/social baskets often centers around: I) How the Internet Protocol (IP) could be improved so as to trace-back the origin of the Spammers, eFraudsters, and other criminals. This may demand implementing IP tools that require all internet services (email, dns, web, etc) to be digitally signed - a feature that would come with some overheads (Mich could again assist here on which overheads these could be) II) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site? III) The delicate balance between pursing security and respecting citizen rights. To what extent should governments go into private emails, phone-logs, etc, in order to safeguard national security? Or what should be the mandatory procedures required of Businesses to safeguard sensitive electronic data of citizens? Plse feel free to add, clarify, object or modify the above. More importantly think of what would be an E.African position on the issues. As usual, 1day on this theme. walu.
John Walubengo wrote:
The main internet security debate that cross-cuts into legal/social baskets often centers around: I) How the Internet Protocol (IP) could be improved so as to trace-back the origin of the Spammers, eFraudsters, and other criminals. This may demand implementing IP tools that require all internet services (email, dns, web, etc) to be digitally signed - a feature that would come with some overheads (Mich could again assist here on which overheads these could be)
IMHO while tracing the perpetrators maybe a useful thing to thwart future attempt, the desired results cannot be realized as long as the weakpoints are not sealed. By sealing i refer to fixing whats broken on the IP thus making it harder for folks to break in. However, the technical part is probably the less challenging part than the part where user knowledge and community support are by and large lacking. For instance, how many users understand the importance of secure websites and checking the signed certificate authorities?. For instance how many users would be able to tell the difference between WWW.SAFARICOM.COM AND WWW.SAFARIC0M.COM if it came into their inbox and were asked to update their details. Or WWW.EQUITY.CO.KE AND WWW.EQUlTY.CO.KE and even if they picked it up would they assume that its a typo and still click on the link ahead?. IMHO training the end users on security considerations on the Internet is far more difficult. Secondly, as with most things there has to be a demand for various implementations to take root. Now unfortunately, the demand for secure IP implementations i.e DNSSEC, Secure BGP etc have gone largely un-deployed due to lack of support from both vendors and the technical folks expected to deploy the systems. This by extension can be traced back to the low demand by users for the same services. So who is entirely responsible for this should be a question and what measures are needed to be put in place to ensure that the right security implementations are done and in good time?. With regards to the overheads that will be involved in having digitally signed communications or encrypted and secure communications - well the impact on bandwidth is minimal. The issues maybe compatibility with old and legacy systems and costs of upgrading them. Another important issues is having good and reliable connectivity where verification is needed. IMHO security is by and large a social problem that requires social perspectives to resolve than technical. Regards, Michuki.
Michuki, I do agree with you,very few onliners, think about security,when they are online. examples: 1. How many people,do actually read the End User License Agreement on the websites,especially,when installing softwares? the link below should make a good read. http://www.pcpitstop.com/spycheck/eula.asp 2. Should there be or is there a policy,when it comes to changing a domain name? When one types; www.nationmedia.com you are redirected to www.nationmedia.co.ke....I check this website everyday....one day it was so slow loading...then...walaa...its .co.ke....if we dont take the time(maybe I missed it) to let our users know of the changes....then, what will happen when when Kenya gets into serious E-commerce? I believe we need to start now,to build trust online,it may seem like a small thing,but it will go a long way. e.g what is the difference between www.safaricom.com and www.safaricom.co.ke ? I) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site? Well,I think the Yahoo and France on the Nazi case was a great eye opener in this regard, but what does that mean.......if the Germany decides to filter ccTLD(.KE)...then all Kenyan businesses loose.....not a very wise option! the ISP's will have to be responsible for the contents they display??. Kind Regards, On Thu, Aug 14, 2008 at 8:05 AM, John Walubengo <jwalu@yahoo.com> wrote:
Morning all,
Looks like very little response on yesterday's topic...where's Waudo formerly WGIG member? Nway, today's IG theme is the one with the most consensus across all stakeholders. The fact that the internet is becoming a place to place to work, live, pray or play is widely acknowledged and hence the consensus on the need to protect it.
The global and borderless nature of the Internet means that a secure internet needs a concerted global effort as earlier mentioned by Brian. A very secure US-territoial Internet is of no use if for example the Africa-territorial Internet is insecure since phising attacks, viruses, spam, eFrauds and other destabilizing conditions can be launched from there. Spam for example is known to constitute over 60% of email traffic on the Internet, which is a fairly significant chunk of Internet Bandwidth and Server Processing power going to waste.
The main internet security debate that cross-cuts into legal/social baskets often centers around: I) How the Internet Protocol (IP) could be improved so as to trace-back the origin of the Spammers, eFraudsters, and other criminals. This may demand implementing IP tools that require all internet services (email, dns, web, etc) to be digitally signed - a feature that would come with some overheads (Mich could again assist here on which overheads these could be) II) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site? III) The delicate balance between pursing security and respecting citizen rights. To what extent should governments go into private emails, phone-logs, etc, in order to safeguard national security? Or what should be the mandatory procedures required of Businesses to safeguard sensitive electronic data of citizens?
Plse feel free to add, clarify, object or modify the above. More importantly think of what would be an E.African position on the issues.
As usual, 1day on this theme.
walu.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: judyokite@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
-- "Do not go where the path may lead, go instead where there is no path and leave a trail." ~ Ralph Waldo Emerson
Good afternoon ladies and gents, Information security... one query i had been asking myself for years.. is how can we be sure we take the necessary measures to ensure "my" information is safe...however this has always fallen on the higher side... especially now in a strange world of buying all types and goods and services from as far as Brazil and know it will be delivered right to my door. One element remains is *how safe* is my or any of your information and details in the virtual world...and what is being done to protect it once its there... Just looking back a couple moth ago, we saw with the safcom IPO when all (or maybe just me..) there was a loop hole to see what person had on a portfolio... ofcourse this could be downplayed.. but just for example... Information is only too powerful a resource that we all in different capacities hold dear...once in the hand of others we may feel violated / vulnerable... similar as being burgled in a way...someone being able to walk right through my front door and check on my personal files.. take what they need and do what they will... so information security surely needs to be tackled and or awareness to consumers and businesses; I think one area for review is this area of authentication of actual users and at the varios portals that are currently popping up in all avenues... as Mich and other colleagues have already indicated... u never know what site u may be logging onto and giving your access codes to the online mwizi... With that said e-commerce is here to be embraced... and most definitely for development...using whatever technologies or combination there are on the market to promote this...but with customer / consumer information at risk... i think the one main focus point is on the ample meausre's needed to ensure security of customer information... Given the ever growing rate in internet and or e-fraud instances currently experienced in Europe, US, etc.., one of the main reported cases of internet fraud is through identity fraud... i think as we embark on this new trend of business and convenience.. we could assist in eductating the community locally...regionally.. on the potential threats... and thereof.... Ok prior to proposing a possible solution through this.. and respecting this as a discussion fora... i will first seek permission to :-) Just FYI: heres some information / statistics on cyber crime: http://www.tamingthebeast.net/blog/ecommerce/internet-fraud-statistics-0207.... http://securosis.com/2008/06/09/new-identity-theft-stats/ Kind regards, Patrick Mburu Director - IT www.ats-africa.com *"Prevention is better than cure..."* 2008/8/15 Judy Okite <judyokite@gmail.com>
Michuki,
I do agree with you,very few onliners, think about security,when they are online. examples:
1. How many people,do actually read the End User License Agreement on the websites,especially,when installing softwares? the link below should make a good read.
http://www.pcpitstop.com/spycheck/eula.asp
2. Should there be or is there a policy,when it comes to changing a domain name?
When one types; www.nationmedia.com you are redirected to www.nationmedia.co.ke....I check this website everyday....one day it was so slow loading...then...walaa...its .co.ke....if we dont take the time(maybe I missed it) to let our users know of the changes....then, what will happen when when Kenya gets into serious E-commerce? I believe we need to start now,to build trust online,it may seem like a small thing,but it will go a long way.
e.g what is the difference between www.safaricom.com and www.safaricom.co.ke?
I) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site?
Well,I think the Yahoo and France on the Nazi case was a great eye opener in this regard, but what does that mean.......if the Germany decides to filter ccTLD(.KE)...then all Kenyan businesses loose.....not a very wise option! the ISP's will have to be responsible for the contents they display??.
Kind Regards,
On Thu, Aug 14, 2008 at 8:05 AM, John Walubengo <jwalu@yahoo.com> wrote:
Morning all,
Looks like very little response on yesterday's topic...where's Waudo formerly WGIG member? Nway, today's IG theme is the one with the most consensus across all stakeholders. The fact that the internet is becoming a place to place to work, live, pray or play is widely acknowledged and hence the consensus on the need to protect it.
The global and borderless nature of the Internet means that a secure internet needs a concerted global effort as earlier mentioned by Brian. A very secure US-territoial Internet is of no use if for example the Africa-territorial Internet is insecure since phising attacks, viruses, spam, eFrauds and other destabilizing conditions can be launched from there. Spam for example is known to constitute over 60% of email traffic on the Internet, which is a fairly significant chunk of Internet Bandwidth and Server Processing power going to waste.
The main internet security debate that cross-cuts into legal/social baskets often centers around: I) How the Internet Protocol (IP) could be improved so as to trace-back the origin of the Spammers, eFraudsters, and other criminals. This may demand implementing IP tools that require all internet services (email, dns, web, etc) to be digitally signed - a feature that would come with some overheads (Mich could again assist here on which overheads these could be) II) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site? III) The delicate balance between pursing security and respecting citizen rights. To what extent should governments go into private emails, phone-logs, etc, in order to safeguard national security? Or what should be the mandatory procedures required of Businesses to safeguard sensitive electronic data of citizens?
Plse feel free to add, clarify, object or modify the above. More importantly think of what would be an E.African position on the issues.
As usual, 1day on this theme.
walu.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: judyokite@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
-- "Do not go where the path may lead, go instead where there is no path and leave a trail." ~ Ralph Waldo Emerson
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: patrick.mburu@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/patrick.mburu%40gmail.c...
Good afternoon, Sorry for the late post. I am seeking responses to the following in relation to security: - Are there initiatives to create awareness on internet security? - Apart from CSIRT-KENYA are there other institutions that monitor vulnerability incidents? - What institutional framework should be set up to deal with cyber security? - Are there any success stories in dealing with security incidents? Kind regards Mwende Disclaimer: These comments are the author's own On 8/15/08, Patrick Mburu <patrick.mburu@gmail.com> wrote:
Good afternoon ladies and gents,
Information security... one query i had been asking myself for years.. is how can we be sure we take the necessary measures to ensure "my" information is safe...however this has always fallen on the higher side... especially now in a strange world of buying all types and goods and services from as far as Brazil and know it will be delivered right to my door. One element remains is *how safe* is my or any of your information and details in the virtual world...and what is being done to protect it once its there... Just looking back a couple moth ago, we saw with the safcom IPO when all (or maybe just me..) there was a loop hole to see what person had on a portfolio... ofcourse this could be downplayed.. but just for example...
Information is only too powerful a resource that we all in different capacities hold dear...once in the hand of others we may feel violated / vulnerable... similar as being burgled in a way...someone being able to walk right through my front door and check on my personal files.. take what they need and do what they will... so information security surely needs to be tackled and or awareness to consumers and businesses;
I think one area for review is this area of authentication of actual users and at the varios portals that are currently popping up in all avenues... as Mich and other colleagues have already indicated... u never know what site u may be logging onto and giving your access codes to the online mwizi...
With that said e-commerce is here to be embraced... and most definitely for development...using whatever technologies or combination there are on the market to promote this...but with customer / consumer information at risk... i think the one main focus point is on the ample meausre's needed to ensure security of customer information...
Given the ever growing rate in internet and or e-fraud instances currently experienced in Europe, US, etc.., one of the main reported cases of internet fraud is through identity fraud... i think as we embark on this new trend of business and convenience.. we could assist in eductating the community locally...regionally.. on the potential threats... and thereof....
Ok prior to proposing a possible solution through this.. and respecting this as a discussion fora... i will first seek permission to :-)
Just FYI: heres some information / statistics on cyber crime:
http://www.tamingthebeast.net/blog/ecommerce/internet-fraud-statistics-0207.... http://securosis.com/2008/06/09/new-identity-theft-stats/
Kind regards,
Patrick Mburu Director - IT www.ats-africa.com *"Prevention is better than cure..."*
2008/8/15 Judy Okite <judyokite@gmail.com>
Michuki,
I do agree with you,very few onliners, think about security,when they are online. examples:
1. How many people,do actually read the End User License Agreement on the websites,especially,when installing softwares? the link below should make a good read.
http://www.pcpitstop.com/spycheck/eula.asp
2. Should there be or is there a policy,when it comes to changing a domain name?
When one types; www.nationmedia.com you are redirected to www.nationmedia.co.ke....I check this website everyday....one day it was so slow loading...then...walaa...its .co.ke....if we dont take the time(maybe I missed it) to let our users know of the changes....then, what will happen when when Kenya gets into serious E-commerce? I believe we need to start now,to build trust online,it may seem like a small thing,but it will go a long way.
e.g what is the difference between www.safaricom.com and www.safaricom.co.ke?
I) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site?
Well,I think the Yahoo and France on the Nazi case was a great eye opener in this regard, but what does that mean.......if the Germany decides to filter ccTLD(.KE)...then all Kenyan businesses loose.....not a very wise option! the ISP's will have to be responsible for the contents they display??.
Kind Regards,
On Thu, Aug 14, 2008 at 8:05 AM, John Walubengo <jwalu@yahoo.com>wrote:
Morning all,
Looks like very little response on yesterday's topic...where's Waudo formerly WGIG member? Nway, today's IG theme is the one with the most consensus across all stakeholders. The fact that the internet is becoming a place to place to work, live, pray or play is widely acknowledged and hence the consensus on the need to protect it.
The global and borderless nature of the Internet means that a secure internet needs a concerted global effort as earlier mentioned by Brian. A very secure US-territoial Internet is of no use if for example the Africa-territorial Internet is insecure since phising attacks, viruses, spam, eFrauds and other destabilizing conditions can be launched from there. Spam for example is known to constitute over 60% of email traffic on the Internet, which is a fairly significant chunk of Internet Bandwidth and Server Processing power going to waste.
The main internet security debate that cross-cuts into legal/social baskets often centers around: I) How the Internet Protocol (IP) could be improved so as to trace-back the origin of the Spammers, eFraudsters, and other criminals. This may demand implementing IP tools that require all internet services (email, dns, web, etc) to be digitally signed - a feature that would come with some overheads (Mich could again assist here on which overheads these could be) II) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site? III) The delicate balance between pursing security and respecting citizen rights. To what extent should governments go into private emails, phone-logs, etc, in order to safeguard national security? Or what should be the mandatory procedures required of Businesses to safeguard sensitive electronic data of citizens?
Plse feel free to add, clarify, object or modify the above. More importantly think of what would be an E.African position on the issues.
As usual, 1day on this theme.
walu.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: judyokite@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
-- "Do not go where the path may lead, go instead where there is no path and leave a trail." ~ Ralph Waldo Emerson
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: patrick.mburu@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/patrick.mburu%40gmail.c...
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: mwende.njiraini@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/mwende.njiraini%40gmail...
And more questions on cybercrime and privacy/security?linking it to the issue of trust, public confidence and widespread acceptance of ICTs particularly the internet. Do we feel confident about using the internet ? Do we trust the internet? and how will the level of trust and public confidence affect adoption of say e-transactions, E-education e-government applications, etc cybercrime and privacy/security? best alice mwende njiraini wrote:
Good afternoon,
Sorry for the late post.
I am seeking responses to the following in relation to security:
- Are there initiatives to create awareness on internet security?
- Apart from CSIRT-KENYA are there other institutions that monitor vulnerability incidents?
- What institutional framework should be set up to deal with cyber security?
- Are there any success stories in dealing with security incidents?
Kind regards
Mwende
Disclaimer: These comments are the author's own
On 8/15/08, *Patrick Mburu* <patrick.mburu@gmail.com <mailto:patrick.mburu@gmail.com>> wrote:
Good afternoon ladies and gents,
Information security... one query i had been asking myself for years.. is how can we be sure we take the necessary measures to ensure "my" information is safe...however this has always fallen on the higher side... especially now in a strange world of buying all types and goods and services from as far as Brazil and know it will be delivered right to my door. One element remains is *how safe* is my or any of your information and details in the virtual world...and what is being done to protect it once its there... Just looking back a couple moth ago, we saw with the safcom IPO when all (or maybe just me..) there was a loop hole to see what person had on a portfolio... ofcourse this could be downplayed.. but just for example...
Information is only too powerful a resource that we all in different capacities hold dear...once in the hand of others we may feel violated / vulnerable... similar as being burgled in a way...someone being able to walk right through my front door and check on my personal files.. take what they need and do what they will... so information security surely needs to be tackled and or awareness to consumers and businesses;
I think one area for review is this area of authentication of actual users and at the varios portals that are currently popping up in all avenues... as Mich and other colleagues have already indicated... u never know what site u may be logging onto and giving your access codes to the online mwizi...
With that said e-commerce is here to be embraced... and most definitely for development...using whatever technologies or combination there are on the market to promote this...but with customer / consumer information at risk... i think the one main focus point is on the ample meausre's needed to ensure security of customer information...
Given the ever growing rate in internet and or e-fraud instances currently experienced in Europe, US, etc.., one of the main reported cases of internet fraud is through identity fraud... i think as we embark on this new trend of business and convenience.. we could assist in eductating the community locally...regionally.. on the potential threats... and thereof....
Ok prior to proposing a possible solution through this.. and respecting this as a discussion fora... i will first seek permission to :-)
Just FYI: heres some information / statistics on cyber crime: http://www.tamingthebeast.net/blog/ecommerce/internet-fraud-statistics-0207.... http://securosis.com/2008/06/09/new-identity-theft-stats/
Kind regards,
Patrick Mburu Director - IT www.ats-africa.com <http://www.ats-africa.com/> /"Prevention is better than cure..."/
2008/8/15 Judy Okite <judyokite@gmail.com <mailto:judyokite@gmail.com>>
Michuki,
I do agree with you,very few onliners, think about security,when they are online. examples:
1. How many people,do actually read the End User License Agreement on the websites,especially,when installing softwares? the link below should make a good read.
http://www.pcpitstop.com/spycheck/eula.asp
2. Should there be or is there a policy,when it comes to changing a domain name?
When one types; www.nationmedia.com <http://www.nationmedia.com/> you are redirected to www.nationmedia.co.ke....I check this website everyday....one day it was so slow loading...then...walaa...its .co.ke....if we dont take the time(maybe I missed it) to let our users know of the changes....then, what will happen when when Kenya gets into serious E-commerce? I believe we need to start now,to build trust online,it may seem like a small thing,but it will go a long way.
e.g what is the difference between www.safaricom.com <http://www.safaricom.com/> and www.safaricom.co.ke <http://www.safaricom.co.ke/>?
I) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site?
Well,I think the Yahoo and France on the Nazi case was a great eye opener in this regard, but what does that mean.......if the Germany decides to filter ccTLD(.KE)...then all Kenyan businesses loose.....not a very wise option! the ISP's will have to be responsible for the contents they display??.
Kind Regards,
On Thu, Aug 14, 2008 at 8:05 AM, John Walubengo <jwalu@yahoo.com <mailto:jwalu@yahoo.com>> wrote:
Morning all,
Looks like very little response on yesterday's topic...where's Waudo formerly WGIG member? Nway, today's IG theme is the one with the most consensus across all stakeholders. The fact that the internet is becoming a place to place to work, live, pray or play is widely acknowledged and hence the consensus on the need to protect it.
The global and borderless nature of the Internet means that a secure internet needs a concerted global effort as earlier mentioned by Brian. A very secure US-territoial Internet is of no use if for example the Africa-territorial Internet is insecure since phising attacks, viruses, spam, eFrauds and other destabilizing conditions can be launched from there. Spam for example is known to constitute over 60% of email traffic on the Internet, which is a fairly significant chunk of Internet Bandwidth and Server Processing power going to waste.
The main internet security debate that cross-cuts into legal/social baskets often centers around: I) How the Internet Protocol (IP) could be improved so as to trace-back the origin of the Spammers, eFraudsters, and other criminals. This may demand implementing IP tools that require all internet services (email, dns, web, etc) to be digitally signed - a feature that would come with some overheads (Mich could again assist here on which overheads these could be) II) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site? III) The delicate balance between pursing security and respecting citizen rights. To what extent should governments go into private emails, phone-logs, etc, in order to safeguard national security? Or what should be the mandatory procedures required of Businesses to safeguard sensitive electronic data of citizens?
Plse feel free to add, clarify, object or modify the above. More importantly think of what would be an E.African position on the issues.
As usual, 1day on this theme.
walu.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: judyokite@gmail.com <mailto:judyokite@gmail.com> Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
-- "Do not go where the path may lead, go instead where there is no path and leave a trail." ~ Ralph Waldo Emerson
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: patrick.mburu@gmail.com <mailto:patrick.mburu@gmail.com> Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/patrick.mburu%40gmail.c...
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: mwende.njiraini@gmail.com <mailto:mwende.njiraini@gmail.com> Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/mwende.njiraini%40gmail...
------------------------------------------------------------------------
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: alice@apc.org Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/alice%40apc.org
Just a thought on this; Security and privacy have been an issue....even without the internet...the two cannot be separated.....and in this technology era...comes in freedom of expression/speech. For people to build their trust online they need to know what they are dealing with...what are the individual attacks that occur online? (Malware,Spyware,Phising...etc..etc..) The data that is being collected online...can be used against you or for you you! We need to create more awareness to onliners...before they get their critical info out there(unfortunately,most have)... a very profound statement that Mr.Walubengo made earlier this year or is it late last year..."Can the internet be made to forget?" awoke me..it is the first thing that gets to my mind...whenever i want to enter my info online...... Personally,I dont think that we can claim a 'private space' online...what is already out there...there is nothing much that you can do about it....but you can do something about what is not yet out..... The link below should give a good laugh...play the video...but it should also be a reality check.....even the ones you think you can trust with the info......:-) http://www.aclu.org/pizza/ Kind Regards, On Thu, Aug 21, 2008 at 9:54 PM, alice <alice@apc.org> wrote:
And more questions on cybercrime and privacy/security?linking it to the issue of trust, public confidence and widespread acceptance of ICTs particularly the internet.
Do we feel confident about using the internet ? Do we trust the internet? and how will the level of trust and public confidence affect adoption of say e-transactions, E-education e-government applications, etc cybercrime and privacy/security?
best alice
mwende njiraini wrote:
Good afternoon,
Sorry for the late post.
I am seeking responses to the following in relation to security:
- Are there initiatives to create awareness on internet
security?
- Apart from CSIRT-KENYA are there other institutions that monitor vulnerability incidents?
- What institutional framework should be set up to deal with cyber security?
- Are there any success stories in dealing with security incidents?
Kind regards
Mwende
Disclaimer: These comments are the author's own
On 8/15/08, *Patrick Mburu* <patrick.mburu@gmail.com <mailto:patrick.mburu@gmail.com>> wrote:
Good afternoon ladies and gents,
Information security... one query i had been asking myself for years.. is how can we be sure we take the necessary measures to ensure "my" information is safe...however this has always fallen on the higher side... especially now in a strange world of buying all types and goods and services from as far as Brazil and know it will be delivered right to my door. One element remains is *how safe* is my or any of your information and details in the virtual world...and what is being done to protect it once its there... Just looking back a couple moth ago, we saw with the safcom IPO when all (or maybe just me..) there was a loop hole to see what person had on a portfolio... ofcourse this could be downplayed.. but just for example...
Information is only too powerful a resource that we all in different capacities hold dear...once in the hand of others we may feel violated / vulnerable... similar as being burgled in a way...someone being able to walk right through my front door and check on my personal files.. take what they need and do what they will... so information security surely needs to be tackled and or awareness to consumers and businesses;
I think one area for review is this area of authentication of actual users and at the varios portals that are currently popping up in all avenues... as Mich and other colleagues have already indicated... u never know what site u may be logging onto and giving your access codes to the online mwizi...
With that said e-commerce is here to be embraced... and most definitely for development...using whatever technologies or combination there are on the market to promote this...but with customer / consumer information at risk... i think the one main focus point is on the ample meausre's needed to ensure security of customer information...
Given the ever growing rate in internet and or e-fraud instances currently experienced in Europe, US, etc.., one of the main reported cases of internet fraud is through identity fraud... i think as we embark on this new trend of business and convenience.. we could assist in eductating the community locally...regionally.. on the potential threats... and thereof....
Ok prior to proposing a possible solution through this.. and respecting this as a discussion fora... i will first seek permission to :-)
Just FYI: heres some information / statistics on cyber crime:
http://www.tamingthebeast.net/blog/ecommerce/internet-fraud-statistics-0207....
http://securosis.com/2008/06/09/new-identity-theft-stats/
Kind regards,
Patrick Mburu Director - IT www.ats-africa.com <http://www.ats-africa.com/> /"Prevention is better than cure..."/
2008/8/15 Judy Okite <judyokite@gmail.com <mailto:judyokite@gmail.com>>
Michuki,
I do agree with you,very few onliners, think about security,when they are online. examples:
1. How many people,do actually read the End User License Agreement on the websites,especially,when installing softwares? the link below should make a good read.
http://www.pcpitstop.com/spycheck/eula.asp
2. Should there be or is there a policy,when it comes to changing a domain name?
When one types; www.nationmedia.com <http://www.nationmedia.com/> you are redirected to www.nationmedia.co.ke....I check this website everyday....one day it was so slow loading...then...walaa...its .co.ke....if we dont take the time(maybe I missed it) to let our users know of the changes....then, what will happen when when Kenya gets into serious E-commerce? I believe we need to start now,to build trust online,it may seem like a small thing,but it will go a long way.
e.g what is the difference between www.safaricom.com <http://www.safaricom.com/> and www.safaricom.co.ke <http://www.safaricom.co.ke/>?
I) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site?
Well,I think the Yahoo and France on the Nazi case was a great eye opener in this regard, but what does that mean.......if the Germany decides to filter ccTLD(.KE)...then all Kenyan businesses loose.....not a very wise option! the ISP's will have to be responsible for the contents they display??.
Kind Regards,
On Thu, Aug 14, 2008 at 8:05 AM, John Walubengo <jwalu@yahoo.com <mailto:jwalu@yahoo.com>> wrote:
Morning all,
Looks like very little response on yesterday's topic...where's Waudo formerly WGIG member? Nway, today's IG theme is the one with the most consensus across all stakeholders. The fact that the internet is becoming a place to place to work, live, pray or play is widely acknowledged and hence the consensus on the need to protect it.
The global and borderless nature of the Internet means that a secure internet needs a concerted global effort as earlier mentioned by Brian. A very secure US-territoial Internet is of no use if for example the Africa-territorial Internet is insecure since phising attacks, viruses, spam, eFrauds and other destabilizing conditions can be launched from there. Spam for example is known to constitute over 60% of email traffic on the Internet, which is a fairly significant chunk of Internet Bandwidth and Server Processing power going to waste.
The main internet security debate that cross-cuts into legal/social baskets often centers around: I) How the Internet Protocol (IP) could be improved so as to trace-back the origin of the Spammers, eFraudsters, and other criminals. This may demand implementing IP tools that require all internet services (email, dns, web, etc) to be digitally signed - a feature that would come with some overheads (Mich could again assist here on which overheads these could be) II) The Jurisdiction and Arbitration of eCriminals e.g. How would one resolve a case where a Kenyan ISP is hosting an eCommerce site that sells content that is declared illegal in Germany (e.g Hitler's paraphanallia). Can/Should the Germans shut down the Kenyan business site? III) The delicate balance between pursing security and respecting citizen rights. To what extent should governments go into private emails, phone-logs, etc, in order to safeguard national security? Or what should be the mandatory procedures required of Businesses to safeguard sensitive electronic data of citizens?
Plse feel free to add, clarify, object or modify the above. More importantly think of what would be an E.African position on the issues.
As usual, 1day on this theme.
walu.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: judyokite@gmail.com <mailto:judyokite@gmail.com> Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
-- "Do not go where the path may lead, go instead where there is no path and leave a trail." ~ Ralph Waldo Emerson
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: patrick.mburu@gmail.com <mailto:patrick.mburu@gmail.com> Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/patrick.mburu%40gmail.c...
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: mwende.njiraini@gmail.com <mailto:mwende.njiraini@gmail.com> Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/mwende.njiraini%40gmail...
------------------------------------------------------------------------
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: alice@apc.org Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/alice%40apc.org
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: judyokite@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
-- "Do not go where the path may lead, go instead where there is no path and leave a trail." ~ Ralph Waldo Emerson
participants (6)
-
alice -
John Walubengo -
Judy Okite -
Michuki Mwangi -
mwende njiraini -
Patrick Mburu